browse to save virus

# AdwCleaner v2.106 - Datei am 21/01/2013 um 14:52:26 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : grinsekathze - GRINSEKATHZE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\grinsekathze\Desktop\adwcleaner06.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\funmoods.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\searchplugins\Web Search.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\grinsekathze\AppData\Local\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\Funmoods
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\grinsekathze\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\prefs.js

Gefunden : user_pref("extensions.501e6fa18eea5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Gefunden : user_pref("extensions.enabledAddons", "501e6fa18edf8%40501e6fa18ee31.info:1.0,DivXWebPlayer%40divx.c[...]
Gefunden : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Gefunden : user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true);
Gefunden : user_pref("extensions.funmoods.aflt", "nv1");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.cntry", "AT");
Gefunden : user_pref("extensions.funmoods.cv", "cv5");
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hdrMd5", "95A62F3E1104E70F6B5ADABB17E13675");
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1[...]
Gefunden : user_pref("extensions.funmoods.id", "D0DF9ABF05CCEF29");
Gefunden : user_pref("extensions.funmoods.instlDay", "15714");
Gefunden : user_pref("extensions.funmoods.instlRef", "nv1");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTab", true);
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.sg", "none");
Gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEt[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:4:42");
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("extensions.softonic_i.aflt", "SD");
Gefunden : user_pref("extensions.softonic_i.dfltLng", "de");
Gefunden : user_pref("extensions.softonic_i.excTlbr", false);
Gefunden : user_pref("extensions.softonic_i.id", "6eacef29000000000000d0df9abf4704");
Gefunden : user_pref("extensions.softonic_i.instlDay", "15395");
Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00016");
Gefunden : user_pref("extensions.softonic_i.newTab", false);
Gefunden : user_pref("extensions.softonic_i.prdct", "softonic");
Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gefunden : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:56:21");
Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&[...]

*************************

AdwCleaner[R1].txt - [10860 octets] - [20/01/2013 18:38:10]
AdwCleaner[R2].txt - [10663 octets] - [21/01/2013 14:52:26]

########## EOF - C:\AdwCleaner[R2].txt - [10724 octets] ##########
         

Ja	HKCU:Run	SandboxieControl	SANDBOXIE L.T.D	"C:\Program Files\Sandboxie\SbieCtrl.exe"
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	AthBtTray	Atheros Commnucations	"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Ja	HKLM:Run	AtherosBtStack	Atheros Communications	"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Ja	HKLM:Run	avgnt	Avira Operations GmbH & Co. KG	"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja	HKLM:Run	HP Quick Launch	Hewlett-Packard Development Company, L.P.	C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Ja	HKLM:Run	HPOSD	Hewlett-Packard Development Company, L.P.	C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Ja	HKLM:Run	HPWirelessAssistant		C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
Ja	HKLM:Run	RTHDVCPL	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Ja	HKLM:Run	SynTPEnh	Synaptics Incorporated	%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja	Startup User	OpenOffice.org 3.4.1.lnk		C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe