Pests of all kinds and their removal: Trojan caught (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
06.10.2012, 12:21 | #1
Trojan caught. Hello. I am a bit older and only moderately familiar with the PC. I downloaded an FLV converter. After that, Firefox no longer worked properly. As soon as I want to open a new window, the following message appears: hxxp://www.searchnu.com/413?tag=newtab. The address field also hangs as soon as I try to open a web page. Can anyone help me? I am considering whether I now have to reinstall the PC completely, or whether you can help me get rid of the problem. Thank you in advance for your help. Regards, Micha
07.10.2012, 00:17 | #2
/// Helper Team | Trojan caught. A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the quicker and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with right-click "Run as administrator". Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Step 2: System scan with OTL (illustrated guide).
08.10.2012, 18:10 | #3
Trojan caught. Hello John.
Many thanks for your help. I followed everything as described. Here is the text of the OTL log: OTL Logfile:
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) O4 - Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2889133E-DD1A-4C35-81DA-54750AD2E685}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52A12BB1-667C-4F1D-9DBC-19BDE8B44C92}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE01CC9F-057B-4470-B033-8B005E689979}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/06 09:37:21 | 004,748,656 | ---- | C] (AnchorFree Inc.) 
-- C:\Windows\System32\hss-update.upd [2012/10/03 20:13:37 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Hundeschaden [2012/09/29 19:26:55 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Guido [2012/09/26 22:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/09/26 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Malwarebytes [2012/09/26 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/26 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/26 18:57:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/26 18:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/26 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\TeamViewer [2012/09/26 10:24:23 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\Logis [2012/09/26 09:47:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/09/26 09:36:52 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astaro SSL VPN Client [2012/09/26 09:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Astaro [2012/09/26 08:55:24 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\ICAClient [2012/09/26 08:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix [2012/09/26 08:54:30 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Citrix [2012/09/26 08:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix [2012/09/26 08:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2012/09/25 14:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/09/22 09:43:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\default [2012/09/22 09:29:25 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/09/22 09:29:24 | 000,176,640 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/09/22 09:29:23 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/09/22 09:29:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/09/22 09:29:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/09/21 12:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/09/21 08:43:40 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2012/09/21 08:43:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2012/09/21 08:43:38 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2012/09/21 08:43:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL [2012/09/21 08:43:38 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX [2012/09/21 08:43:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL [2012/09/21 08:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar [2012/09/21 08:43:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX [2012/09/21 08:43:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2012/09/21 08:43:36 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\FreeFLVConverter [2012/09/21 08:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2012/09/19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012/09/12 18:37:14 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012/09/12 18:37:14 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS ========== Files - Modified Within 30 Days ========== [2012/10/07 15:09:00 
| 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/07 14:58:11 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_michael.job [2012/10/07 14:57:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/07 14:57:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/07 14:57:32 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys [2012/10/07 14:56:47 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 14:56:47 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 14:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/07 12:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\A3fU5P.dat [2012/10/07 12:36:49 | 000,000,001 | ---- | M] () -- C:\ProgramData\Ln3X5T47.exe_.b [2012/10/07 12:36:49 | 000,000,001 | ---- | M] () -- C:\ProgramData\Ln3X5T47.exe.b [2012/10/07 10:19:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_michael.job [2012/10/07 09:03:47 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_michael.job [2012/10/06 09:37:21 | 004,748,656 | ---- | M] (AnchorFree Inc.) 
-- C:\Windows\System32\hss-update.upd [2012/10/05 08:15:52 | 000,655,278 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/10/05 08:15:52 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/05 08:15:52 | 000,130,478 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/10/05 08:15:52 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/02 10:33:45 | 000,001,755 | ---- | M] () -- C:\Users\michael\AppData\Roaming\SAS7_000.DAT [2012/09/30 16:53:25 | 003,837,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/09/26 09:52:52 | 000,002,002 | -H-- | M] () -- C:\Users\michael\Documents\Default.rdp [2012/09/22 09:36:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012/09/22 09:17:29 | 000,001,316 | ---- | M] () -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012/09/20 19:47:16 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/09/20 19:47:16 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/10/07 12:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\A3fU5P.dat [2012/10/07 12:36:49 | 000,000,001 | ---- | C] () -- C:\ProgramData\Ln3X5T47.exe_.b [2012/10/07 12:36:49 | 000,000,001 | ---- | C] () -- C:\ProgramData\Ln3X5T47.exe.b [2012/10/01 13:14:01 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_michael.job [2012/10/01 13:14:01 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_michael.job [2012/10/01 13:14:00 | 000,000,374 | ---- | C] 
() -- C:\Windows\tasks\ReclaimerUpdateXML_michael.job [2012/09/30 16:53:07 | 003,837,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012/09/29 18:32:10 | 000,049,036 | ---- | C] () -- C:\Users\michael\Desktop\Weil.pdf [2012/09/26 09:39:29 | 000,002,002 | -H-- | C] () -- C:\Users\michael\Documents\Default.rdp [2012/09/26 08:55:36 | 000,001,570 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk [2012/09/25 14:54:19 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/09/22 09:36:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012/09/21 08:43:38 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2012/09/21 08:43:38 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2012/09/21 08:43:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2012/01/18 13:45:11 | 000,001,755 | ---- | C] () -- C:\Users\michael\AppData\Roaming\SAS7_000.DAT [2011/06/23 16:15:28 | 000,012,288 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/13 09:26:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/06/13 09:25:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/06/09 14:25:14 | 000,000,167 | ---- | C] () -- C:\Users\michael\AppData\Roaming\default.rss [2011/06/09 14:25:14 | 000,000,000 | ---- | C] () -- C:\Users\michael\AppData\Roaming\downloads.m3u [2011/06/09 13:20:57 | 000,000,000 | ---- | C] () -- C:\Users\michael\AppData\Local\{48F13364-D798-4415-9BF3-4E842D67712E} [2011/02/03 09:51:07 | 000,019,456 | ---- | C] () -- C:\Users\michael\AppData\Local\WebpageIcons.db [2011/01/30 15:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011/01/24 14:47:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL [2011/01/24 11:53:00 | 000,004,767 | ---- | C] () -- 
C:\Windows\Irremote.ini [2011/01/24 07:53:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011/01/24 07:53:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011/01/24 07:53:01 | 000,130,478 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011/01/24 07:53:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009/07/13 16:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 16:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 13:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/06/23 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Ashampoo [2011/02/02 10:34:40 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Canon [2011/08/30 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Cocoon Software [2011/01/24 08:30:34 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Engelmann Media [2012/09/21 08:43:49 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FreeFLVConverter [2012/09/26 09:18:26 | 000,000,000 | ---D | M] -- 
C:\Users\michael\AppData\Roaming\ICAClient [2011/01/24 08:01:54 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Leadertech [2011/07/31 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\MAGIX [2012/01/18 13:30:08 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Nuance [2011/07/31 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\RawShellExtender [2012/09/26 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TeamViewer [2011/01/24 10:27:17 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\TuneUp Software [2012/10/07 15:13:39 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8 < End of report > Hier die TXT der Maleware: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.07.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 michael :: BÜRO [Administrator] 07.10.2012 12:09:21 mbam-log-2012-09-30 (11-07-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 608863 Laufzeit: 1 Stunde(n), 48 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\michael\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt. 
(Ende)

What do I need to do next? Many thanks in advance. Regards, Micha
PS: I hope I did everything right |
09.10.2012, 03:29 | #4 |
/// Helfer-Team | Trojaner eingefangen The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 4 logs that are created into your next reply. If the OTL fix did not run properly, do not continue; report it instead.

Step 1
Fix with OTL
Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0FF263E8
[2012/09/21 12:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\michael\*.tmp
C:\Users\michael\AppData\Local\{*}
C:\Users\michael\AppData\Local\Temp\*.exe
C:\Users\michael\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was created exclusively for this user in this situation. Do not run it on other computers under any circumstances; it can permanently damage other systems!

Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.

Then:

Step 3
Please download AdwCleaner to your desktop.
Step 4
|
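The fix script above was put together by reading the OTL log entry by entry. As an added example (not OTL's own code and not the helper's script), here is a small Python triage that applies the same three checks to the O-section lines of an OTL log: UAC policy values that disable UAC (O6), AppInit_DLLs hooks loaded from outside the Windows directory (O20), and browser or autostart entries that carry no company name or come from a vendor on a watchlist (O2/O3/O4). The sample lines are copied from the log posted above; the vendor watchlist is an assumption built from that log, and the O6 check compares against the Windows 7 defaults.

```python
"""Triage helper for OTL log lines (added example; not OTL's code and not the
helper's fix script). It lists the entries a human should look at, in log order."""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    code: str    # OTL section code, e.g. "O6"
    reason: str  # why the entry deserves a second look
    entry: str   # the original log line


# Assumption: watchlist built from the vendors that appear in the log above.
TOOLBAR_VENDORS = {"Conduit Ltd.", "Bandoo Media, inc", "facemoods.com", "facemoods.com BHO"}

# UAC policy values (HKLM\...\policies\System) that weaken or disable UAC.
# Windows 7 defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5 and
# PromptOnSecureDesktop=1; a 0 in any of them is the weak setting the fix removes.
WEAK_UAC_VALUES: Dict[str, Dict[int, str]] = {
    "EnableLUA": {0: "UAC is switched off entirely"},
    "ConsentPromptBehaviorAdmin": {0: "administrators elevate without any prompt"},
    "PromptOnSecureDesktop": {0: "elevation prompts do not use the secure desktop"},
}

# OTL prints every entry as "<code> - <body>". The vendor read from the file's
# version resource is the trailing "(...)" group and is empty when there is none.
OTL_LINE = re.compile(r"^(?P<code>O\d+) - (?P<body>.*)$")
TRAILING_VENDOR = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")
UAC_POLICY = re.compile(r"policies\\System: (?P<name>\w+) = (?P<value>\d+)$")
APPINIT = re.compile(r"^AppInit_DLLs: \(.*\) - (?P<path>.+?) \([^()]*\)$")


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a human should review, in log order."""
    findings: List[Finding] = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section header, blank line or file-list entry
        code, body = m.group("code"), m.group("body")
        if code == "O6":
            p = UAC_POLICY.search(body)
            if p:
                name, value = p.group("name"), int(p.group("value"))
                weak = WEAK_UAC_VALUES.get(name, {}).get(value)
                if weak:
                    findings.append(Finding(code, f"{name}={value}: {weak}", line))
        elif code == "O20":
            a = APPINIT.match(body)
            # AppInit_DLLs are loaded into every process that links user32.dll;
            # anything outside %SystemRoot% is worth a look. The Citrix hook is
            # legitimate, so a hit here is a review candidate, not a verdict.
            if a and not a.group("path").lower().startswith("c:\\windows\\"):
                findings.append(Finding(code, f"AppInit_DLLs hook: {a.group('path')}", line))
        elif code in ("O2", "O3", "O4"):
            v = TRAILING_VENDOR.search(body)
            if v is None:
                continue  # e.g. "(no name) - 10 - No CLSID value found."
            vendor = v.group("vendor").strip()
            if not vendor:
                findings.append(Finding(code, "file has no company name", line))
            elif vendor in TOOLBAR_VENDORS:
                findings.append(Finding(code, f"toolbar vendor: {vendor}", line))
    return findings


# Sample lines copied from the OTL log posted above, plus a header line the
# parser has to skip.
SAMPLE_OTL_LINES = [
    "========== Processes (SafeList) ==========",
    r"O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()",
    r"O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)",
    r"O3 - HKLM\..\Toolbar: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)",
    r"O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.",
    r"O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)",
    r"O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.code:<4} {f.reason}\n     {f.entry}")
```

On the sample above it reports seven entries: the Searchqu BHO without a company name, the Conduit and Bandoo entries, the two weak UAC values, and both AppInit_DLLs hooks; the avast, ConsentPromptBehaviorUser=3 and Winlogon lines pass.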
11.10.2012, 17:11 | #5 |
| Trojaner eingefangen Hello John. I have followed all the steps and the Trojan seems to be gone. Many, many thanks for your help and your effort. I will be more careful in future. Great that the Trojaner-Board exists. Keep it up. Thanks, Michael |
11.10.2012, 18:00 | #6 |
/// Helfer-Team | Trojaner eingefangen We are not finished yet! The computer is neither clean nor secured. Post the logs!
|
11.10.2012, 18:30 | #7 |
| Trojaner eingefangen Hello John. Sorry, I thought since everything was running fine so far.... Here is the txt:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
File/Folder not found.
OTL by OldTimer - Version 3.2.69.0 log created on 10102012_173812
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

2nd txt:

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 18:03:45
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : michael - BÜRO
# Boot Mode : Normal
# Running from : C:\Users\michael\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\searchplugins\Conduit.xml
File Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files\facemoods.com
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files\Softonic_Deutsch_FF
Folder Found : C:\Program Files\softonic-de3
Folder Found : C:\Program Files\uTorrentBar_DE
Folder Found : C:\Program Files\Windows Searchqu Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\michael\AppData\Local\Conduit
Folder Found : C:\Users\michael\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\michael\AppData\LocalLow\Conduit
Folder Found : C:\Users\michael\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\michael\AppData\LocalLow\PriceGong
Folder Found : C:\Users\michael\AppData\LocalLow\searchquband
Folder Found : C:\Users\michael\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\michael\AppData\LocalLow\Softonic_Deutsch_FF
Folder Found : C:\Users\michael\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\michael\AppData\LocalLow\uTorrentBar_DE
Folder Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\Conduit
Folder Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\CT2475029
Folder Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Folder Found : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\Searchqutoolbar

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll, C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Softonic_Deutsch_FF
Key Found : HKCU\Software\AppDataLow\Software\softonic-de3
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63382E66-B513-4327-AEA8-A49553D4FA12}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63382E66-B513-4327-AEA8-A49553D4FA12}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197}
Key Found : 
HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1 Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1 Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1 Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2206084 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\Software\facemoods.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48056041-BD5E-4E72-BBBF-42362C9090E5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{4A90952E-F912-467F-8C7D-5CCCA6614193} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FC60269-3619-4FEC-BDD8-6D459D1DC8BD} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FEB3B0F-B60C-47A3-870F-66455F018E25} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7D43A87-6A24-41CC-A913-272C1D411FD3} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC60FC1F-C753-45CC-AE14-B975C2E5423F} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D81AF43-DE53-48D0-A199-42C2A226B24C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63382E66-B513-4327-AEA8-A49553D4FA12} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch_FF Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar Key Found : HKLM\Software\SearchquMediabarTb Key Found : HKLM\Software\Softonic_Deutsch_FF Key Found : HKLM\Software\softonic-de3 Key Found : HKLM\Software\uTorrentBar_DE Key Found : HKU\S-1-5-21-599604033-3751420728-3843262701-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-599604033-3751420728-3843262701-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKU\S-1-5-21-599604033-3751420728-3843262701-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} Key Found : HKU\S-1-5-21-599604033-3751420728-3843262701-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddr&f=2 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 -\\ 
Mozilla Firefox v15.0.1 (de) Profile name : default File : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\prefs.js Found : user_pref("CT2475029..clientLogIsEnabled", true); Found : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2475029.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2475029.BrowserCompStateIsOpen_129469746101488132", true); Found : user_pref("CT2475029.BrowserCompStateIsOpen_129681723868939970", true); Found : user_pref("CT2475029.CT2481020.CommunityChanged", true); Found : user_pref("CT2475029.CT2481024.CommunityChanged", true); Found : user_pref("CT2475029.CT2481025.CommunityChanged", true); Found : user_pref("CT2475029.CT2481029.CommunityChanged", true); Found : user_pref("CT2475029.CT2481031.CommunityChanged", true); Found : user_pref("CT2475029.CT2481032.CommunityChanged", true); Found : user_pref("CT2475029.CT2481033.CommunityChanged", true); Found : user_pref("CT2475029.CT2481034.CommunityChanged", true); Found : user_pref("CT2475029.CT2481035.CommunityChanged", true); Found : user_pref("CT2475029.CT2481037.CommunityChanged", true); Found : user_pref("CT2475029.CTID", "ct2481020"); Found : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgre[...] Found : user_pref("CT2475029.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...] Found : user_pref("CT2475029.CommunityChanged", true); Found : user_pref("CT2475029.CurrentServerDate", "11-10-2012"); Found : user_pref("CT2475029.DialogsAlignMode", "LTR"); Found : user_pref("CT2475029.DialogsGetterLastCheckTime", "Tue Oct 09 2012 07:04:09 GMT-1200 (Datumsgrenze N[...] 
Found : user_pref("CT2475029.DownloadDomainsCheckInterval", "168"); Found : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgr[...] Found : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983"); Found : user_pref("CT2475029.DownloadReferralCookieData", ""); Found : user_pref("CT2475029.FeedPollDate129076849370150342", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076850042182211", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076850596400916", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076850791868756", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076852434375419", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076853083906444", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076854010937606", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076855068438037", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076855340312884", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076855597344292", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076855883906472", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076856408281730", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076856723281882", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076856982969262", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...] 
Found : user_pref("CT2475029.FeedPollDate129076857229219583", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076857478587121", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129076858014837073", "Thu Jun 23 2011 16:17:09 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129132307482029379", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129132307482029381", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129132307482029382", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129133095459686870", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129133095459686871", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129137437659687146", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129137437659687147", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...] Found : user_pref("CT2475029.FeedPollDate129137437659687148", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...] 
Found : user_pref("CT2475029.FeedTTL129076850596400916", 5); Found : user_pref("CT2475029.FeedTTL129076856408281730", 30); Found : user_pref("CT2475029.FeedTTL129076858014837073", 2); Found : user_pref("CT2475029.FeedTTL129132307482029379", 40); Found : user_pref("CT2475029.FeedTTL129132307482029381", 40); Found : user_pref("CT2475029.FeedTTL129132307482029382", 40); Found : user_pref("CT2475029.FeedTTL129133095459686870", 40); Found : user_pref("CT2475029.FeedTTL129133095459686871", 40); Found : user_pref("CT2475029.FeedTTL129137437659687146", 40); Found : user_pref("CT2475029.FeedTTL129137437659687147", 40); Found : user_pref("CT2475029.FeedTTL129137437659687148", 40); Found : user_pref("CT2475029.FirstServerDate", "23-6-2011"); Found : user_pref("CT2475029.FirstTime", true); Found : user_pref("CT2475029.FirstTimeFF3", true); Found : user_pref("CT2475029.FixPageNotFoundErrors", true); Found : user_pref("CT2475029.GroupingLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgrenze Normal[...] 
Found : user_pref("CT2475029.GroupingLastErrorCode", ""); Found : user_pref("CT2475029.GroupingLastResponse", false); Found : user_pref("CT2475029.GroupingLastServerUpdateTime", "129533039380000000"); Found : user_pref("CT2475029.GroupingServerCheckInterval", 1440); Found : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2475029.HasUserGlobalKeys", true); Found : user_pref("CT2475029.Initialize", true); Found : user_pref("CT2475029.InitializeCommonPrefs", true); Found : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2475029.InstallationId", "MyAshampoo.exe"); Found : user_pref("CT2475029.InstallationType", "ConduitIntegration"); Found : user_pref("CT2475029.InstalledDate", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze Normalzeit)"); Found : user_pref("CT2475029.IsGrouping", true); Found : user_pref("CT2475029.IsMulticommunity", true); Found : user_pref("CT2475029.IsOpenThankYouPage", false); Found : user_pref("CT2475029.IsOpenUninstallPage", true); Found : user_pref("CT2475029.LanguagePackLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgrenze No[...] Found : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2475029.LastLogin_3.13.0.6", "Sun Jul 15 2012 13:17:50 GMT-1200 (Datumsgrenze Normalzei[...] Found : user_pref("CT2475029.LastLogin_3.14.1.0", "Wed Aug 22 2012 17:50:56 GMT-1200 (Datumsgrenze Normalzei[...] Found : user_pref("CT2475029.LastLogin_3.15.1.0", "Thu Oct 11 2012 06:49:11 GMT-1200 (Datumsgrenze Normalzei[...] Found : user_pref("CT2475029.LastLogin_3.3.3.2", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze Normalzeit[...] 
Found : user_pref("CT2475029.LatestVersion", "3.14.1.0"); Found : user_pref("CT2475029.Locale", "en"); Found : user_pref("CT2475029.MCDetectTooltipHeight", "83"); Found : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2475029.MCDetectTooltipWidth", "295"); Found : user_pref("CT2475029.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2475029.RadioIsPodcast", false); Found : user_pref("CT2475029.RadioMediaID", "9962"); Found : user_pref("CT2475029.RadioMediaType", "Media Player"); Found : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962"); Found : user_pref("CT2475029.RadioStationName", "California%20Rock"); Found : user_pref("CT2475029.RadioStationURL", "hxxp://feedlive.net/california.asx"); Found : user_pref("CT2475029.SearchFromAddressBarIsInit", true); Found : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...] Found : user_pref("CT2475029.SearchInNewTabEnabled", true); Found : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze [...] Found : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2475029.SearchProtectorToolbarDisabled", false); Found : user_pref("CT2475029.ServiceMapLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgrenze Norm[...] Found : user_pref("CT2475029.SettingsLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgrenze Normal[...] Found : user_pref("CT2475029.SettingsLastUpdate", "1308819548"); Found : user_pref("CT2475029.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgrenz[...] 
Found : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT2475029.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029"); Found : user_pref("CT2475029.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2475029.UserID", "UN35669607344032275"); Found : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR"); Found : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 189); Found : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false); Found : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgre[...] Found : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", ""); Found : user_pref("CT2475029.ct2481020.GroupingLastResponse", false); Found : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129533039480000000"); Found : user_pref("CT2475029.ct2481020.InvalidateCache", false); Found : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Thu Oct 11 2012 06:49:11 GMT-1200 (Datum[...] Found : user_pref("CT2475029.ct2481020.Locale", "de"); Found : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgrenze[...] Found : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3"); Found : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Thu Oct 11 2012 06:49:10 GMT-1200 (Dat[...] Found : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Thu Oct 11 2012 06:49:10 GMT-1200 (Datumsgre[...] Found : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1349798113"); Found : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Thu Jun 23 2011 16:15:16 GMT-1200 (D[...] 
Found : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1255344657"); Found : user_pref("CT2475029.ct2481020.globalFirstTimeInfoLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200[...] Found : user_pref("CT2475029.ct2481020.toolbarAppMetaDataLastCheckTime", "Thu Oct 11 2012 06:49:11 GMT-1200 [...] Found : user_pref("CT2475029.ct2481020.toolbarContextMenuLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 [...] Found : user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgr[...] Found : user_pref("CT2475029.homepageProtectorEnableByLogin", true); Found : user_pref("CT2475029.initDone", true); Found : user_pref("CT2475029.isAppTrackingManagerOn", true); Found : user_pref("CT2475029.myStuffEnabled", true); Found : user_pref("CT2475029.myStuffPublihserMinWidth", 400); Found : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2475029.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2475029.revertSettingsEnabled", true); Found : user_pref("CT2475029.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2475029.searchProtectorEnableByLogin", true); Found : user_pref("CT2475029.testingCtid", ""); Found : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgre[...] Found : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgre[...] Found : user_pref("CT2475029.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"5f1[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2475029");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 23 2011 16:15:16 GMT-12[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Sep 13 2011 10:04:05 GMT-1200 (Datum[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Sep 13 2011 09:21:28 GMT-1200 (Datumsgre[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "edd930f7-38e0-47e9-b140-43edb455c1f8");
Found : user_pref("CommunityToolbar.globalUserId", "1fdc7d09-ed57-4140-9a07-d5b84d4143f8");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"7\": {\"id\": \"7\",\"title[...]
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

*************************

AdwCleaner[R1].txt - [38594 octets] - [11/10/2012 18:03:45]

########## EOF - C:\AdwCleaner[R1].txt - [38655 octets] ##########

3.Txt

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 18:04:57
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : michael - BÜRO
# Boot Mode : Normal
# Running from : C:\Users\michael\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Windows Searchqu Toolbar
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\searchplugins\Conduit.xml
File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\facemoods.com
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files\Softonic_Deutsch_FF
Folder Deleted : C:\Program Files\softonic-de3
Folder Deleted : C:\Program Files\uTorrentBar_DE
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\michael\AppData\Local\Conduit
Folder Deleted : C:\Users\michael\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\michael\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\michael\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\michael\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\michael\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\michael\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\michael\AppData\LocalLow\Softonic_Deutsch_FF
Folder Deleted : C:\Users\michael\AppData\LocalLow\softonic-de3
Folder Deleted : C:\Users\michael\AppData\LocalLow\uTorrentBar_DE
Folder Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\Conduit
Folder Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\CT2475029
Folder Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
Folder Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\Searchqutoolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll, C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Softonic_Deutsch_FF
Key Deleted : HKCU\Software\AppDataLow\Software\softonic-de3
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63382E66-B513-4327-AEA8-A49553D4FA12}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63382E66-B513-4327-AEA8-A49553D4FA12}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48056041-BD5E-4E72-BBBF-42362C9090E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A90952E-F912-467F-8C7D-5CCCA6614193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FC60269-3619-4FEC-BDD8-6D459D1DC8BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FEB3B0F-B60C-47A3-870F-66455F018E25}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7D43A87-6A24-41CC-A913-272C1D411FD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC60FC1F-C753-45CC-AE14-B975C2E5423F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D81AF43-DE53-48D0-A199-42C2A226B24C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63382E66-B513-4327-AEA8-A49553D4FA12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F3C2BA9-F5F2-4827-BB05-C22D2C3BCE9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DBB9FA06-E6B7-4067-95D4-C7C092B6B197}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch_FF Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Softonic_Deutsch_FF
Key Deleted : HKLM\Software\softonic-de3
Key Deleted : HKLM\Software\uTorrentBar_DE
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddr&f=2 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profile name : default
File : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\lkeockjy.default\prefs.js

Deleted : user_pref("CT2475029..clientLogIsEnabled", true);
Deleted : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2475029.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2475029.BrowserCompStateIsOpen_129469746101488132", true);
Deleted : user_pref("CT2475029.BrowserCompStateIsOpen_129681723868939970", true);
Deleted : user_pref("CT2475029.CT2481020.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481024.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481025.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481031.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481032.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481033.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481034.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481035.CommunityChanged", true);
Deleted : user_pref("CT2475029.CT2481037.CommunityChanged", true);
Deleted : user_pref("CT2475029.CTID", "ct2481020");
Deleted : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgre[...]
Deleted : user_pref("CT2475029.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT2475029.CommunityChanged", true);
Deleted : user_pref("CT2475029.CurrentServerDate", "11-10-2012");
Deleted : user_pref("CT2475029.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.DialogsGetterLastCheckTime", "Tue Oct 09 2012 07:04:09 GMT-1200 (Datumsgrenze N[...]
Deleted : user_pref("CT2475029.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgr[...]
Deleted : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT2475029.DownloadReferralCookieData", "");
Deleted : user_pref("CT2475029.FeedPollDate129076849370150342", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076850042182211", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076850596400916", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076850791868756", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076852434375419", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076853083906444", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076854010937606", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076855068438037", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076855340312884", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076855597344292", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076855883906472", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076856408281730", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076856723281882", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076856982969262", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076857229219583", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076857478587121", "Thu Jun 23 2011 16:15:18 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129076858014837073", "Thu Jun 23 2011 16:17:09 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129132307482029379", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129132307482029381", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129132307482029382", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129133095459686870", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129133095459686871", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129137437659687146", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129137437659687147", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedPollDate129137437659687148", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgren[...]
Deleted : user_pref("CT2475029.FeedTTL129076850596400916", 5);
Deleted : user_pref("CT2475029.FeedTTL129076856408281730", 30);
Deleted : user_pref("CT2475029.FeedTTL129076858014837073", 2);
Deleted : user_pref("CT2475029.FeedTTL129132307482029379", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029381", 40);
Deleted : user_pref("CT2475029.FeedTTL129132307482029382", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686870", 40);
Deleted : user_pref("CT2475029.FeedTTL129133095459686871", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687146", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687147", 40);
Deleted : user_pref("CT2475029.FeedTTL129137437659687148", 40);
Deleted : user_pref("CT2475029.FirstServerDate", "23-6-2011");
Deleted : user_pref("CT2475029.FirstTime", true);
Deleted : user_pref("CT2475029.FirstTimeFF3", true);
Deleted : user_pref("CT2475029.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2475029.GroupingLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgrenze Normal[...]
Deleted : user_pref("CT2475029.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.GroupingLastResponse", false);
Deleted : user_pref("CT2475029.GroupingLastServerUpdateTime", "129533039380000000");
Deleted : user_pref("CT2475029.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2475029.HasUserGlobalKeys", true);
Deleted : user_pref("CT2475029.Initialize", true);
Deleted : user_pref("CT2475029.InitializeCommonPrefs", true);
Deleted : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2475029.InstallationId", "MyAshampoo.exe");
Deleted : user_pref("CT2475029.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2475029.InstalledDate", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze Normalzeit)");
Deleted : user_pref("CT2475029.IsGrouping", true);
Deleted : user_pref("CT2475029.IsMulticommunity", true);
Deleted : user_pref("CT2475029.IsOpenThankYouPage", false);
Deleted : user_pref("CT2475029.IsOpenUninstallPage", true);
Deleted : user_pref("CT2475029.LanguagePackLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgrenze No[...]
Deleted : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2475029.LastLogin_3.13.0.6", "Sun Jul 15 2012 13:17:50 GMT-1200 (Datumsgrenze Normalzei[...]
Deleted : user_pref("CT2475029.LastLogin_3.14.1.0", "Wed Aug 22 2012 17:50:56 GMT-1200 (Datumsgrenze Normalzei[...]
Deleted : user_pref("CT2475029.LastLogin_3.15.1.0", "Thu Oct 11 2012 18:01:44 GMT-1200 (Datumsgrenze Normalzei[...]
Deleted : user_pref("CT2475029.LastLogin_3.3.3.2", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze Normalzeit[...]
Deleted : user_pref("CT2475029.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2475029.Locale", "en");
Deleted : user_pref("CT2475029.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2475029.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2475029.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2475029.RadioIsPodcast", false);
Deleted : user_pref("CT2475029.RadioMediaID", "9962");
Deleted : user_pref("CT2475029.RadioMediaType", "Media Player");
Deleted : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962");
Deleted : user_pref("CT2475029.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2475029.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2475029.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...]
Deleted : user_pref("CT2475029.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Thu Jun 23 2011 16:15:16 GMT-1200 (Datumsgrenze [...]
Deleted : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2475029.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2475029.ServiceMapLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgrenze Norm[...]
Deleted : user_pref("CT2475029.SettingsLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgrenze Normal[...]
Deleted : user_pref("CT2475029.SettingsLastUpdate", "1308819548");
Deleted : user_pref("CT2475029.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgrenz[...]
Deleted : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2475029.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029");
Deleted : user_pref("CT2475029.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2475029.UserID", "UN35669607344032275");
Deleted : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 189);
Deleted : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false);
Deleted : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Thu Oct 11 2012 06:49:08 GMT-1200 (Datumsgre[...]
Deleted : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", "");
Deleted : user_pref("CT2475029.ct2481020.GroupingLastResponse", false);
Deleted : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129533039480000000");
Deleted : user_pref("CT2475029.ct2481020.InvalidateCache", false);
Deleted : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Thu Oct 11 2012 06:49:11 GMT-1200 (Datum[...]
Deleted : user_pref("CT2475029.ct2481020.Locale", "de");
Deleted : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgrenze[...]
Deleted : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Thu Oct 11 2012 06:49:10 GMT-1200 (Dat[...]
Deleted : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Thu Oct 11 2012 06:49:10 GMT-1200 (Datumsgre[...]
Deleted : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1349798113");
Deleted : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Thu Jun 23 2011 16:15:16 GMT-1200 (D[...]
Deleted : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2475029.ct2481020.globalFirstTimeInfoLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200[...]
Deleted : user_pref("CT2475029.ct2481020.toolbarAppMetaDataLastCheckTime", "Thu Oct 11 2012 06:49:11 GMT-1200 [...]
Deleted : user_pref("CT2475029.ct2481020.toolbarContextMenuLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 [...]
Deleted : user_pref("CT2475029.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2475029.globalFirstTimeInfoLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgr[...]
Deleted : user_pref("CT2475029.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2475029.initDone", true);
Deleted : user_pref("CT2475029.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2475029.myStuffEnabled", true);
Deleted : user_pref("CT2475029.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2475029.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2475029.revertSettingsEnabled", true);
Deleted : user_pref("CT2475029.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2475029.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2475029.testingCtid", "");
Deleted : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Thu Jun 23 2011 16:15:15 GMT-1200 (Datumsgre[...]
Deleted : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Thu Jun 23 2011 16:15:17 GMT-1200 (Datumsgre[...]
Deleted : user_pref("CT2475029.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"5f1[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false); Deleted : user_pref("CommunityToolbar.EngineOwner", ""); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2475029"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 23 2011 16:15:16 GMT-12[...] 
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Sep 13 2011 10:04:05 GMT-1200 (Datum[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Sep 13 2011 09:21:28 GMT-1200 (Datumsgre[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "edd930f7-38e0-47e9-b140-43edb455c1f8"); Deleted : user_pref("CommunityToolbar.globalUserId", "1fdc7d09-ed57-4140-9a07-d5b84d4143f8"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("CommunityToolbar.undefined", ""); Deleted : user_pref("browser.search.defaultenginename", "Search Results"); Deleted : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...] 
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"7\": {\"id\": \"7\",\"title[...]
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");

*************************

AdwCleaner[R1].txt - [38725 octets] - [11/10/2012 18:03:45]
AdwCleaner[S1].txt - [39005 octets] - [11/10/2012 18:04:57]

########## EOF - C:\AdwCleaner[S1].txt - [39066 octets] ##########

4. Txt

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.10.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
michael :: BÜRO [Administrator]
11.10.2012 06:52:01
mbam-log-2012-10-11 (06-52-01).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 660794
Elapsed time: 1 hour(s), 55 minute(s), 13 second(s)
Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 0 (No malicious items detected)
(end)

That was all of them. How do we continue? Regards, Michael |
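What AdwCleaner removed above is, almost entirely, the Conduit toolbar's own state in Firefox's prefs.js: one CT2475029 namespace per installed toolbar ("myashampoo"), the shared CommunityToolbar.* namespace, and the three entries that produced the symptom from the first post, browser.search.defaulturl (search.conduit.com), keyword.URL (dts.search-results.com) and the search engine name "Search Results". The following is an added example, not from the thread and not AdwCleaner's code, of how to read a prefs.js and flag exactly those two footprints: preference names written by a toolbar framework, and search, homepage or new-tab preferences that point at a host the user never chose. The sample prefs.js is constructed from the entries in the log (values shortened); the new-tab redirect to searchnu.com from the first post is assumed here to sit in browser.newtab.url, which the excerpt above does not show; the trusted-host and trusted-engine lists are assumptions to adjust to the user's real search provider.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample prefs.js, built from the entries AdwCleaner reported above
# (values shortened). "hxxp" is the forum's defanging of "http"; a real
# prefs.js contains plain http/https URLs, and url_host() accepts both.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");
user_pref("browser.newtab.url", "hxxp://www.searchnu.com/413?tag=newtab");
user_pref("CommunityToolbar.ToolbarsList", "CT2475029");
user_pref("CT2475029.UserID", "UN35669607344032275");
user_pref("extensions.engine@conduit.com.install-event-fired", true);
user_pref("network.cookie.cookieBehavior", 1);
'''

# One user_pref("name", <JS literal>); per line. The name may contain escaped
# quotes, the value is a JSON-compatible literal (string, number, true/false).
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

# Preferences that decide where a search, the homepage or a new tab goes.
SEARCH_URL_PREFS = {"browser.search.defaulturl", "keyword.URL",
                    "browser.startup.homepage", "browser.newtab.url"}
ENGINE_NAME_PREFS = {"browser.search.defaultenginename",
                     "browser.search.defaultthis.engineName",
                     "browser.search.selectedEngine"}
# Assumptions for this example: hosts and engine names the user actually chose.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.de", "www.bing.com",
                        "duckduckgo.com", "www.mozilla.org"}
TRUSTED_ENGINE_NAMES = {"Google", "Bing", "DuckDuckGo", "Yahoo"}
# Namespaces written by the Conduit toolbar framework: a CTnnnnnnn id per
# toolbar, the shared CommunityToolbar.* tree, and its extension id.
TOOLBAR_KEY_RE = re.compile(
    r"^(CommunityToolbar\.|CT\d{7}\.|extensions\.engine@conduit\.com)")


def parse_prefs(text):
    """Yield (name, value) for every user_pref() line, decoding the value
    from its JavaScript literal where it is valid JSON (strings, numbers,
    booleans are); anything else is kept as the raw text."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        try:
            value = json.loads(raw)
        except ValueError:
            value = raw
        yield name, value


def url_host(value):
    """Lower-cased host of a URL-valued pref, undoing hxxp defanging;
    None for non-URL values such as an engine name."""
    if not isinstance(value, str):
        return None
    fixed = re.sub(r"^hxxp", "http", value, flags=re.I)
    if not re.match(r"^https?://", fixed, flags=re.I):
        return None
    return (urlparse(fixed).hostname or "").lower() or None


def find_hijack_indicators(text):
    """Return [(reason, pref_name, value)] for every suspicious pref."""
    findings = []
    for name, value in parse_prefs(text):
        if TOOLBAR_KEY_RE.match(name):
            findings.append(("toolbar-pref", name, value))
        elif name in ENGINE_NAME_PREFS:
            if value not in TRUSTED_ENGINE_NAMES:
                findings.append(("unknown-engine-name", name, value))
        elif name in SEARCH_URL_PREFS:
            host = url_host(value)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search-redirect:" + host, name, value))
    return findings


if __name__ == "__main__":
    for reason, name, value in find_hijack_indicators(SAMPLE_PREFS):
        print(f"{reason:45} {name} = {value!r}")
```

Run it against a real profile by reading `prefs.js` from the Firefox profile directory instead of SAMPLE_PREFS. The point of keying on the toolbar namespaces rather than on a signature is that the CT id changes with every rebranded toolbar, while the CommunityToolbar.* and CTnnnnnnn.* pattern does not; the search-URL check catches the hijack even when the toolbar itself has already been uninstalled and only the redirected prefs remain.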
13.10.2012, 00:01 | #8 |
/// Helfer-Team | Trojaner eingefangen Very good! How is the computer running?

Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now".
Select the freeware mode.
Select "Detail Scan" and start the check of the computer with the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Save report" to save the logfile to the desktop and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html |
13.10.2012, 10:11 | #9 |
| Trojaner eingefangen Hello John. Here is the TXT file from EmsisoftAntiMalwareSetup:

Emsisoft Anti-Malware - Version 7.0
Last update: 10/13/2012 9:52:46 AM

Scan settings:
Scan method: Detail Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\
Riskware detection: Off
Archive scan: On
ADS scan: On
File type filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 10/13/2012 9:54:40 AM

C:\Users\michael\AppData\Local\Temp\jar_cache1066254412584435096.tmp found: Exploit.Java.CVE (A)
C:\Users\michael\AppData\Local\Temp\YWWWXV found: Exploit.Java.CVE (A)
C:\Users\michael\Desktop\verweise\leecher.exe found: Packed.Win32.NiceProtect.AMN (A)
C:\Users\michael\Desktop\verweise\HSS-1.49-install-webroot-225-conduit.exe found: Trojan.Win32.HotSpotShield.AMN (A)
C:\Users\michael\Downloads\Software\VSO.Software Videofilm Converter\brcxd49d.zip -> brcxd49.rar -> Keygen\Keygen.exe found: Trojan.Generic.7384952 (B)
D:\DS\Desktop\verweise\leecher.exe found: Packed.Win32.NiceProtect.AMN (A)
D:\DS\Desktop\verweise\HSS-1.49-install-webroot-225-conduit.exe found: Trojan.Win32.HotSpotShield.AMN (A)
D:\DS\Program Files\Application Updater\ApplicationUpdater.exe found: Adware.Win32.Toolbar.Dealio.AMN (A)
D:\DS\Program Files\Hotspot Shield\bin\openvpnas.exe found: Trojan.Win32.HotSpotShield.AMN (A)
D:\DS\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll found: Adware.Win32.Toolbar.Dealio.AMN (A)
D:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.dll found: Adware.Win32.Toolbar.Dealio.AMN (A)
D:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.exe found: Adware.Win32.Toolbar.Dealio.AMN (A)
D:\DS\Software\VSO.Software Videofilm Converter\brcxd49d.zip -> brcxd49.rar -> Keygen\Keygen.exe found: Trojan.Generic.7384952 (B)
D:\Programme für PC\Programme Win7\IP Wechsler\Hotspot Shield\bin\openvpnas.exe found: Trojan.Win32.HotSpotShield.AMN (A)
D:\Programme für PC\Programme Win7\Sft\leecher.exe found: Packed.Win32.NiceProtect.AMN (A)
F:\DS\Program Files\Application Updater\ApplicationUpdater.exe found: Adware.Win32.Toolbar.Dealio.AMN (A)
F:\DS\Program Files\Hotspot Shield\bin\openvpnas.exe found: Trojan.Win32.HotSpotShield.AMN (A)
F:\DS\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll found: Adware.Win32.Toolbar.Dealio.AMN (A)
F:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.exe found: Adware.Win32.Toolbar.Dealio.AMN (A)
F:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.dll found: Adware.Win32.Toolbar.Dealio.AMN (A)

Scanned 776701
Found 20

Scan end: 10/13/2012 11:07:08 AM
Scan time: 1:12:28

What should I do now? Thanks in advance. Regards, Michael |
14.10.2012, 12:25 | #10 |
/// Helfer-Team | Trojaner eingefangen Very good!

Uninstall: Emsisoft Anti-Malware

ESET Online Scanner
Preparation
|
15.10.2012, 17:44 | #11 |
| Trojaner eingefangen Hello John. Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ccd334ad90686f41b20930b7edb30f40
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-15 07:29:52
# local_time=2012-10-15 07:29:52 (-1200, Datumsgrenze Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 53417819 53417819 0 0
# compatibility_mode=5893 16776573 100 94 0 101826977 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=483061
# found=28
# cleaned=28
# scan_time=47205
C:\Users\michael\AppData\Local\Temp\jar_cache1066254412584435096.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\michael\AppData\Local\Temp\YWWWXV multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\michael\Desktop\verweise\HSS-1.49-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\michael\Desktop\verweise\HSS-1.57-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\michael\Desktop\verweise\leecher.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Desktop\verweise\HSS-1.49-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Desktop\verweise\leecher.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.dll Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\leecher.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\sft-loader_2009_rc2.rar a variant of Win32/Packed.NiceProtect.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Formatwandler 360a\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\IP Wechsler\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Konvertierung Ituenes\FFSetup170.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\MS Office professionell 2010\MS Office prof 2010\bieof10g.iso a variant of Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Sft\leecher.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Sft\sft-loader_2009_final.rar a variant of Win32/Packed.NiceProtect.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Sft\sft-loader_2009_rc2.rar a variant of Win32/Packed.NiceProtect.A application (deleted - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.dll Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\DS\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

What happens now? Regards, Micha |
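The Emsisoft log in post #9 and the ESET log in post #11 cover the same disk two days apart, and the differences between them are the part worth reading: ESET additionally flagged the FLV converter installer from the first post (Setup74_FreeFlvConverter.exe as Win32/Toolbar.SearchSuite), a second Hotspot Shield installer, an FFSetup170.exe adware bundle and a KMS activator ISO, while Emsisoft reported the keygen inside brcxd49d.zip -> brcxd49.rar that ESET's list does not mention. Lining two vendors' logs up by path is routine in a cleanup like this, so here is an added example, not from the thread and not either vendor's code, that parses both line formats and correlates them per on-disk object. The sample lines are a subset copied from the two logs above; the Emsisoft regex accepts the German "gefunden:" label as well as "found:".

```python
import re

# Subset of lines copied from the Emsisoft log above (post #9).
EMSISOFT_LINES = r"""
C:\Users\michael\AppData\Local\Temp\jar_cache1066254412584435096.tmp found: Exploit.Java.CVE (A)
C:\Users\michael\Desktop\verweise\leecher.exe found: Packed.Win32.NiceProtect.AMN (A)
C:\Users\michael\Downloads\Software\VSO.Software Videofilm Converter\brcxd49d.zip -> brcxd49.rar -> Keygen\Keygen.exe found: Trojan.Generic.7384952 (B)
D:\DS\Program Files\Application Updater\ApplicationUpdater.exe found: Adware.Win32.Toolbar.Dealio.AMN (A)
"""

# Subset of lines copied from the ESET Online Scanner log above (post #11).
ESET_LINES = r"""
C:\Users\michael\AppData\Local\Temp\jar_cache1066254412584435096.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\michael\Desktop\verweise\leecher.exe a variant of Win32/Packed.NiceProtect.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DS\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Programme für PC\Programme Win7\Formatwandler 360a\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Emsisoft: "<path> found: <name> (<flag>)"; archive members appear as
# "outer.zip -> inner.rar -> member". The German build prints "gefunden:".
EMSISOFT_RE = re.compile(
    r"^(?P<path>.+?) (?:gefunden|found): (?P<name>.+?) \((?P<flag>[A-Z])\)$")

# ESET: "<path> <description> (<action>) <32 hex chars> C". The description is
# "multiple threats" or "[probably ][a variant of ]<family> application".
ESET_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<desc>multiple threats|(?:probably )?(?:a variant of )?\S+ application) "
    r"\((?P<action>[^)]+)\) (?P<hash>[0-9a-f]{32}) C$")


def norm(path):
    """Key on the on-disk container, case-folded: Emsisoft names the member
    inside an archive, ESET names the archive itself, and NTFS paths are
    case-insensitive, so this is what makes the two logs comparable."""
    return path.split(" -> ")[0].strip().lower()


def parse_emsisoft(text):
    """{normalised path: detection name} for every Emsisoft hit line."""
    hits = {}
    for line in text.splitlines():
        m = EMSISOFT_RE.match(line.strip())
        if m:
            hits[norm(m["path"])] = m["name"]
    return hits


def parse_eset(text):
    """{normalised path: (family, action)} for every ESET hit line; the
    family is the description with ESET's hedging words stripped."""
    hits = {}
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            family = re.sub(r"^(?:probably )?(?:a variant of )?(.+?)(?: application)?$",
                            r"\1", m["desc"])
            hits[norm(m["path"])] = (family, m["action"])
    return hits


def correlate(emsi, eset):
    """Sorted rows (path, emsisoft_name_or_None, eset_tuple_or_None)."""
    return [(p, emsi.get(p), eset.get(p)) for p in sorted(set(emsi) | set(eset))]


def summarize(rows):
    """Count objects seen by both scanners versus only one; the single-vendor
    buckets are what the second-opinion scan in this thread was for."""
    counts = {"both": 0, "emsisoft-only": 0, "eset-only": 0}
    for _, e1, e2 in rows:
        if e1 and e2:
            counts["both"] += 1
        elif e1:
            counts["emsisoft-only"] += 1
        else:
            counts["eset-only"] += 1
    return counts


if __name__ == "__main__":
    rows = correlate(parse_emsisoft(EMSISOFT_LINES), parse_eset(ESET_LINES))
    for path, e1, e2 in rows:
        print(f"{path}\n    Emsisoft: {e1}\n    ESET:     {e2}")
    print(summarize(rows))
```

For the full logs, paste each into its own file and read them in place of the two sample strings. Note what the container-level key hides: ESET's "deleted" versus "cleaned by deleting" actions, and Emsisoft's archive-member paths, are still available in the parsed tuples if you need to decide whether an archive was quarantined whole or only one member inside it was flagged.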
16.10.2012, 00:59 | #12 |
/// Helfer-Team | Trojaner eingefangen Update Java
Your Java is no longer current. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Then post (copy and paste) what is shown to you here: PluginCheck

Disable Java
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Then post (copy and paste) what is shown to you here: PluginCheck |
17.10.2012, 19:10 | #13 |
| Trojaner eingefangen Hello John. I did everything as in your instructions. Java 7 is installed and I have applied the settings. Unfortunately I couldn't quite follow from here on:

Then post (copy and paste) what is shown to you here: PluginCheck
IS THIS A PROGRAM?? (hxxp://tools.trojaner-board.de/plugincheck.html)

*Disable Java*
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Then post (copy and paste) what is shown to you here: PluginCheck (hxxp://tools.trojaner-board.de/plugincheck.html)
=======================================================
Can you somehow make the steps clearer for me? My problem is that I don't understand PluginCheck, or rather, what am I supposed to post? Thanks for an answer. Regards, Michael |
18.10.2012, 00:49 | #14 | |
/// Helfer-Team | Trojaner eingefangen You are supposed to post what is shown to you. Quote:
|
18.10.2012, 18:35 | #15 |
| Trojaner eingefangen Hello John.

Flash ActiveX and plug-in version 11.4.402.287
Java version 7 Update 9, build 1.7.0_09-b05
Adobe Reader 9.5.2
Firefox 16.0.1

Extensions (name, version, enabled, id):
Adblock Plus 2.1.2 true {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Adblock Plus Popup-Addon 0.4 true adblockpopups@jessehakanen.net
Adobe Contribute Toolbar 6.0 true {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
AutoPager 0.7.2.0 true autopager@mozilla.org
avast! WebRep 6.0.1367 true wrc@avast.com
DownloadHelper 4.9.10 true {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Element Hiding Helper für Adblock Plus 1.2.3 true elemhidehelper@adblockplus.org
Fast Dial 4.2.2 true fastdial@telega.phpnet.us
FoxLingo 2.7.6 true {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
SearchPreview 6.0 true {EF522540-89F5-46b9-B6FE-1829E2B572C6}
Showcase 0.9.5.9 true {89506680-e3f4-484c-a2c0-ed711d481eda}
Tab Mix Plus 0.4.0.3 true {dc572301-7619-498c-a57d-39143191b318}
DivX HiQ 2.1.1.94 false {6904342A-8307-11DF-A508-4AE2DFD72085}
DivX Plus Web Player HTML5 <video> 2.1.1.94 false {23fcfd51-4958-4f00-80a3-ae97e717ed8b}
RealPlayer Browser Record Plugin 14.0.3 false {ABDE892B-13A8-4d1b-88E6-365A6E755758}
Speed Dial 0.9.6.10 false {64161300-e22b-11db-8314-0800200c9a66}

Regards, Michael |