| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bka Trojaner 2.11 Befall beseitigen ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.03.2013, 23:40
| #1 |
 |  Bka Trojaner 2.11 Befall beseitigen ? Mein Notebook (Win 7 Professionel service pack 1, dell Pc deswegen professionell wurde da mitgelierfert ist aber normaler hauspc), wurde heute infiziert mit dem Bka/Gvu Trojaner Version 2.11 (gleiche Warnhinweise wie in Botfrei.de angegeben). Habe sofort Internetverbindung gekappt, und Win im abgesicherten Modus gestartet, dann im Autostart die Start dll gelöscht, danach normal gestartet und wie oben beschrieben Malwarebytes rüberlaufen lassen, infizierte Objekte entfernt und Logfile hier gepostet. Was nun tun? Gruss b.langs Anhang 51143 Geändert von b.langs (03.03.2013 um 00:16 Uhr) |
|
03.03.2013, 11:27
| #2 |
| /// Helfer-Team  | Bka Trojaner 2.11 Befall beseitigen ? Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
03.03.2013, 11:55
| #3 |
| | Bka Trojaner 2.11 Befall beseitigen ? Hier nun die Logfiles
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.03.2013 11:34:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christine\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,61% Memory free 5,92 Gb Paging File | 4,66 Gb Available in Paging File | 78,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218,20 Gb Total Space | 132,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS Computer Name: CHRISTINE-PC | User Name: Christine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christine\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe () PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe () PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\ProgramData\DatacardService\HWDeviceService.exe () PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe (IDT, Inc.) PRC - C:\Users\Christine\AppData\Roaming\Mobile Partner\ouc.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\OEM13Mon.exe (Creative Technology Ltd.) PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International) PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe () SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe () SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe (IDT, Inc.) SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe (Andrea Electronics Corporation) SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International) SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File not found DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (O2MDGRDR) -- C:\Windows\System32\drivers\o2mdg.sys (O2Micro ) DRV - (O2SDGRDR) -- C:\Windows\System32\drivers\o2sdg.sys (O2Micro ) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (OEM13Vid) -- C:\Windows\System32\drivers\OEM13Vid.sys (Creative Technology Ltd.) DRV - (OEM13Vfx) -- C:\Windows\System32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKLM\..\SearchScopes\{BE8D1B5F-EB09-4583-B1C3-1C19214FE234}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes,DefaultScope = {B638046B-3AA7-416D-8A20-59A6FF96B683} IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{1CF39D53-11FE-4403-B510-65D829159E77}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{88516C27-DF8A-4C3C-925D-318563C8E1C1}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{9F26BBA8-8778-4AE9-9FA0-0D6895B18540}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{9FDF4800-842C-48C2-82C0-8BEBA5A5A05C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9b920a65-a375-4416-aded-fc44221c0db9&apn_sauid=EEC13643-38A2-4239-8C5B-C72CA402F32F IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\SearchScopes\{B638046B-3AA7-416D-8A20-59A6FF96B683}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-164884659-168407969-2746656569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=9b920a65-a375-4416-aded-fc44221c0db9&apn_ptnrs=%5EAGS&apn_sauid=EEC13643-38A2-4239-8C5B-C72CA402F32F&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.07 11:12:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.08 08:26:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.21 10:41:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.07 11:12:12 | 000,000,000 | ---D | M] [2011.01.31 16:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christine\AppData\Roaming\mozilla\Extensions [2010.06.20 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christine\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2013.01.24 20:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christine\AppData\Roaming\mozilla\Firefox\Profiles\69z56hot.default\extensions [2013.01.24 20:33:57 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Christine\AppData\Roaming\mozilla\Firefox\Profiles\69z56hot.default\extensions\toolbar@ask.com [2013.01.24 20:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.02.02 23:56:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.05.20 21:36:34 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011.05.20 21:33:59 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012.04.21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 02:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.68\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.68\pdf.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.68\ppGoogleNaClPluginChrome.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.68\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011.05.21 10:20:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-164884659-168407969-2746656569-1000..\Run: [Facebook Update] C:\Users\Christine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-164884659-168407969-2746656569-1000..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-164884659-168407969-2746656569-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AED8B4B-B646-42FE-804E-AB0DE795B6BF}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E4BC25-46A0-4E67-B873-EDFAE1AB5F77}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80274011-7F26-4628-B79F-0269428C97DF}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78E92F0-A5A1-48EF-AF97-C8A29E048154}: NameServer = 193.189.244.206 193.189.244.225 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.03 11:32:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe [2013.03.02 22:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.02 22:04:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.02 22:02:51 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\Programs [2013.02.27 14:08:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 14:08:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 14:08:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 14:08:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 14:08:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 14:08:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 14:08:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 14:08:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 14:08:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 14:08:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 14:08:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 14:08:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 14:08:26 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 14:08:26 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 14:08:26 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 14:08:26 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 14:08:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 14:08:26 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 14:08:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 14:08:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 14:08:25 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 14:08:25 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 14:08:25 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 14:08:25 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 14:08:24 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.18 16:47:46 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\DoNotTrackPlus [2013.02.18 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\AskToolbar [2013.02.18 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Christine\Documents\Umsatzsteuer-Antrag [2013.02.13 18:07:35 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 18:07:26 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 18:07:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 18:07:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 18:07:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.13 18:07:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 18:07:13 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 18:07:13 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.13 18:07:11 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 18:07:10 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll ========== Files - Modified Within 30 Days ========== [2013.03.03 11:35:51 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 11:35:51 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 11:32:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe [2013.03.03 11:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.03 11:29:09 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 23:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.02 22:22:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-164884659-168407969-2746656569-1000UA.job [2013.03.02 22:04:09 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 21:18:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\9466625.pad [2013.03.02 21:18:00 | 000,002,802 | ---- | M] () -- C:\ProgramData\9466625.js [2013.03.01 23:11:13 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.01 23:11:13 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.01 23:11:13 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.01 23:11:13 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.01 15:05:03 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.01 15:05:03 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.23 13:22:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-164884659-168407969-2746656569-1000Core.job [2013.02.14 13:06:26 | 000,359,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.12 18:14:00 | 001,699,803 | ---- | M] () -- C:\Users\Christine\Desktop\PPH2,KDH,KDH2_f.429(PL;DE;GB;FR;RU).pdf [2013.02.05 11:14:14 | 000,001,061 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.04 11:38:50 | 001,032,738 | ---- | M] () -- C:\Users\Christine\Desktop\03 In a Sentimental Mood.mp3 ========== Files Created - No Company Name ========== [2013.03.02 22:04:09 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 21:18:00 | 000,002,802 | ---- | C] () -- C:\ProgramData\9466625.js [2013.03.02 21:17:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\9466625.pad [2013.02.12 18:14:00 | 001,699,803 | ---- | C] () -- C:\Users\Christine\Desktop\PPH2,KDH,KDH2_f.429(PL;DE;GB;FR;RU).pdf [2013.02.04 11:38:44 | 001,032,738 | ---- | C] () -- C:\Users\Christine\Desktop\03 In a Sentimental Mood.mp3 [2012.03.03 08:46:26 | 000,000,706 | ---- | C] () -- C:\Users\Christine\Bibliotheken - Verknüpfung.lnk [2011.11.21 19:00:31 | 000,001,614 | ---- | C] () -- C:\Users\Christine\AppData\Roaming\MyMicroBalanceConfig.ini [2011.11.12 16:19:34 | 000,003,584 | ---- | C] () -- C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.12 13:47:04 | 000,001,142 | ---- | C] () -- C:\Program Files\VideoPad Videobearbeitungs-Software.lnk [2011.11.12 13:45:44 | 000,001,086 | ---- | C] () -- C:\Program Files\Prism Videodatei-Konverter.lnk [2011.11.12 13:37:29 | 000,001,103 | ---- | C] () -- C:\Program Files\Alive HD Video Converter.lnk [2011.11.12 13:30:17 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2011.11.12 13:30:17 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2011.11.12 13:30:16 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2011.11.12 13:30:16 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2011.11.12 13:30:16 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2011.11.12 13:30:16 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2011.06.03 11:43:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.21 10:14:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.21 10:14:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.21 10:14:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.21 10:14:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.21 10:14:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.02 23:59:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.19 23:40:16 | 000,000,097 | ---- | C] () -- C:\Users\Christine\AppData\Local\fusioncache.dat [2010.05.31 05:45:33 | 000,007,597 | ---- | C] () -- C:\Users\Christine\AppData\Local\Resmon.ResmonCfg [2010.03.08 13:00:18 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2010.02.28 19:13:47 | 000,000,336 | ---- | C] () -- C:\Users\Christine\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.12.03 00:23:00 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Beanele [2011.12.19 17:34:35 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Bez [2010.06.20 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\conkeror.mozdev.org [2013.03.02 23:35:40 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Dropbox [2012.08.06 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\DVDVideoSoft [2012.06.04 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.26 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\FileZilla [2010.12.22 12:30:22 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Imaxel [2010.06.20 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\lingDIALOG [2012.03.19 20:46:20 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Mobile Partner [2010.11.25 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Nokia [2010.11.25 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Nokia Ovi Suite [2012.02.27 13:01:21 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Notepad++ [2010.11.24 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\PC Suite [2011.12.03 00:23:12 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Qocii [2012.06.08 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Telefónica [2010.02.28 19:14:50 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Template [2011.11.12 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Ulead Systems [2011.12.17 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Ylnui ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.03.2013 11:34:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christine\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,61% Memory free
5,92 Gb Paging File | 4,66 Gb Available in Paging File | 78,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 132,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
Computer Name: CHRISTINE-PC | User Name: Christine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D7DBA4-43EF-4EC1-95AB-19C3E6CAFF97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E8B77AF-81C0-447E-BDF2-CF733F68C866}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{31FBC338-9BFB-4258-93BD-79D05AAF9748}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{380E4286-2C88-4E0A-BA89-A53569D56360}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BA0F448-8D72-4A1D-A8E6-F4E08003F2FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44E9736F-3EA7-4D84-AC56-2AA8CD90F21B}" = lport=139 | protocol=6 | dir=in | app=system |
"{506205B2-FEAC-43BE-8409-8BA9389563B6}" = rport=137 | protocol=17 | dir=out | app=system |
"{51EAFD41-6DE5-4752-8E0C-83E1AFCD0B3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63D3A5F1-8D36-4F6C-830A-D5FEC053D595}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64FDFF39-5D68-4359-A7AA-D17F5FB0B2EA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6BBC5930-1309-41BF-8A6D-63B108429A36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72C4D8E7-6A8C-497B-B9F4-DFABF73E9D9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7EF43050-7CAB-42A3-9AAA-FFD2B4AF9974}" = lport=137 | protocol=17 | dir=in | app=system |
"{911AC77D-3CA2-4A0E-BB24-9DDE02EA5878}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99276468-BBE7-40A7-9E18-17CFCA52EFC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A348E8B4-410A-43B7-A658-95D2536B307A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7B26934-7725-43A9-ABA5-22B44DD7772C}" = rport=138 | protocol=17 | dir=out | app=system |
"{B533F62E-87E8-4365-8556-56A8B5790CB7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C95465C4-9910-4BB6-B36B-07A85E0A9E5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{CAAF8A7C-F1AE-4669-9A4D-28FE16A46C20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2EEC736-3BA6-423A-8936-E5A14D0E6620}" = lport=138 | protocol=17 | dir=in | app=system |
"{E76C55CE-3944-487A-AADB-F24E6E464CB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F9E1A45B-9A44-491E-A495-4664A07E5E09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAACC043-C3F9-49F9-A9F1-59445F819857}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD1A747E-B867-49D7-A816-B5445AE85D7F}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0437CF2C-780E-4266-87AE-46FF018E39F5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0CE3F0B3-7887-438C-B9D0-DCF752143EFE}" = dir=in | app=d:\setup\hpznui01.exe |
"{0D4F36FD-6A05-4932-9735-A5D21E95730C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0DA108C1-32AD-4A0B-98F0-D7F500CD507C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{1BE76C0F-0ECE-41BD-84C4-90468D70C3E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F265AF2-7643-4F8E-B675-9CFD14CAA5C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{316BB811-7A4F-47BF-A34A-940F5581021E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3307C2A8-9B31-40C4-9511-B0EE98C7B856}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3D6694CC-563D-42A4-9EDA-3409FCDBBFCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4125F9F4-5C18-4F24-9095-FEBF96B9FA6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47C45411-08FA-4567-8D01-4AB8D4CA7730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48C05A22-3FF7-4DDC-B273-2ED9F85E96E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{509A3190-1F70-4A09-9FFC-BC6CEA984FD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63192DE1-1C2C-443A-8CD1-7EA44019173F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{6DC3E401-A5D9-4EA5-9FA3-81803C89B62B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{70F7C9F8-6308-40F3-B374-C9991B5B1F38}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{77E061D7-14A5-4F4D-BCE0-4731B129CC2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{924A044A-307D-4398-8484-F1674C860E79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9BB65FD5-5153-4D1D-A5B1-D7800E65BF74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9F0C06E4-4EA9-4B4B-AF98-67AF7215DF1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9F599919-979D-40FE-A64C-02354C9288D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A7BD46C3-2830-49B1-B120-9A4CDD893DEF}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{B1078E9E-62FB-4A15-9A25-41C5516B93A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B61042DF-8A3E-4AF8-ABAC-C851C02D61F3}" = protocol=17 | dir=in | app=c:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe |
"{BCD27364-BC0B-4654-8345-18C35ABDADDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C01F7413-D27A-4D5D-AD5B-D29B0C53D87A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C75A00B8-0629-4154-AA1D-024A1F65A854}" = protocol=6 | dir=out | app=system |
"{CA0D92CC-54FB-46CF-B29E-C7CD2C7B7939}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDC09A9C-47D2-481E-A221-1382E9716E14}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D4593445-99E5-447B-8377-AF4B713699B2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D5ECE372-8AA2-48E9-8FA8-56BE8B69BF43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA697FA0-C3A7-4911-845A-5013F5B49A84}" = protocol=6 | dir=in | app=c:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe |
"{E39857E5-02F8-425D-8FD1-4E5256409BC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F340E344-4239-4BB7-B17B-DE580FD19EDC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F3F989A9-27F7-4B1D-9296-E7234A365BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F439DC8B-985A-4CA9-B8BC-581D8F9434B8}" = dir=in | app=c:\users\christine\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{A60364BC-42DC-4182-9045-0C45321DB03D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DE5C00E3-BEEF-4DFE-A601-3DEF0A9C5AD2}C:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{753D7E9B-C6E4-4EBB-AD04-DC4940EE6D12}C:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\christine\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FE4C54E3-3608-4008-BAB2-358BBE94A072}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{338C9C3C-D6E2-4223-869C-4D9A76CCE065}" = MyMicroBalance
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54F5197C-9A19-4BCF-98A1-514C5A832D84}" = Dell Backup and Recovery Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Alive HD Video Converter_is1" = Alive HD Video Converter (version 2.6.8.2)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn CD-/DVD-/Blu-Ray-Brenner
"FileZilla Client" = FileZilla Client 3.5.3
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Grammatiktrainer 4.0 Französisch" = Langenscheidt Grammatiktrainer 4.0 Französisch
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 TBYB
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Prism" = Prism Videodatei-Konverter
"Shop for HP Supplies" = Shop for HP Supplies
"STANDARD" = Microsoft Office Standard 2007
"Switch" = Switch Audiodatei-Konverter
"TVWiz" = Intel(R) TV Wizard
"VideoPad" = VideoPad Videobearbeitungs-Software
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-164884659-168407969-2746656569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.02.2012 09:33:32 | Computer Name = Christine-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 29.02.2012 09:33:32 | Computer Name = Christine-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 29.02.2012 13:03:54 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.03.2012 13:43:50 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.03.2012 11:51:14 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.03.2012 11:51:25 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.03.2012 15:16:11 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 06.03.2012 16:40:23 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 07.03.2012 06:47:23 | Computer Name = Christine-PC | Source = RasClient | ID = 20227
Description =
Error - 08.03.2012 07:02:54 | Computer Name = Christine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ Media Center Events ]
Error - 16.10.2012 18:37:35 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 00:37:35 - Fehler beim Herstellen der Internetverbindung. 00:37:35
- Serververbindung konnte nicht hergestellt werden..
Error - 16.10.2012 18:37:45 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 00:37:40 - Fehler beim Herstellen der Internetverbindung. 00:37:40
- Serververbindung konnte nicht hergestellt werden..
Error - 16.10.2012 19:37:52 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 01:37:52 - Fehler beim Herstellen der Internetverbindung. 01:37:52
- Serververbindung konnte nicht hergestellt werden..
Error - 16.10.2012 19:38:02 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 01:37:57 - Fehler beim Herstellen der Internetverbindung. 01:37:57
- Serververbindung konnte nicht hergestellt werden..
Error - 22.01.2013 11:31:21 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 16:31:21 - Fehler beim Herstellen der Internetverbindung. 16:31:21
- Serververbindung konnte nicht hergestellt werden..
Error - 22.01.2013 11:31:31 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 16:31:27 - Fehler beim Herstellen der Internetverbindung. 16:31:27
- Serververbindung konnte nicht hergestellt werden..
Error - 22.01.2013 12:31:36 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 17:31:36 - Fehler beim Herstellen der Internetverbindung. 17:31:36
- Serververbindung konnte nicht hergestellt werden..
Error - 22.01.2013 12:31:42 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 17:31:41 - Fehler beim Herstellen der Internetverbindung. 17:31:41
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2013 09:49:48 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 14:49:48 - Fehler beim Herstellen der Internetverbindung. 14:49:48
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2013 09:50:02 | Computer Name = Christine-PC | Source = MCUpdate | ID = 0
Description = 14:49:54 - Fehler beim Herstellen der Internetverbindung. 14:49:54
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 16.03.2012 18:03:40 | Computer Name = Christine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 737
seconds with 600 seconds of active time. This session ended with a crash.
Error - 06.09.2012 12:16:58 | Computer Name = Christine-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 106
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:49:58 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.03.2013 16:53:53 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASKUTIL
Error - 02.03.2013 17:00:39 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 02.03.2013 18:37:52 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASKUTIL
Error - 03.03.2013 06:29:38 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASKUTIL
< End of report >
 |
|
03.03.2013, 12:00
| #4 |
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ? Wer hat Combofix auf dem Rechner ausgefuehrt und warum? Wo ist das Logfile? Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
[2013.03.02 21:18:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\9466625.pad
[2013.03.02 21:18:00 | 000,002,802 | ---- | M] () -- C:\ProgramData\9466625.js
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Christine\*.tmp
C:\Users\Christine\AppData\*.dll
C:\Users\Christine\AppData\*.exe
C:\Users\Christine\AppData\Local\Temp\*.exe
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
03.03.2013, 12:06
| #5 |
| | Bka Trojaner 2.11 Befall beseitigen ? Der Laptop war vorher der Laptop meiner Freundin und sie hatte schon einmal eine Reinigung des Systems hinter sich, daher wohl Combofix. Soll ich trotzdem alle weiteren Schritte so ausführen? |
|
03.03.2013, 12:07
| #6 |
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ? Ja, wie beschrieben ausfuehren, Logs posten.
__________________ --> Bka Trojaner 2.11 Befall beseitigen ? |
|
03.03.2013, 12:46
| #7 |
| | Bka Trojaner 2.11 Befall beseitigen ? Scheint gut auszusehen hoffe ich jedenfalls. Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
C:\ProgramData\9466625.pad moved successfully.
C:\ProgramData\9466625.js moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\Christine\*.tmp not found.
File\Folder C:\Users\Christine\AppData\*.dll not found.
File\Folder C:\Users\Christine\AppData\*.exe not found.
File\Folder C:\Users\Christine\AppData\Local\Temp\*.exe not found.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-698b6256-n folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-5b320204-n folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-251d3e9c-n folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-58a436e0-n folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Christine\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christine\Desktop\cmd.bat deleted successfully.
C:\Users\Christine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christine
->Temp folder emptied: 1029626 bytes
->Temporary Internet Files folder emptied: 1005951 bytes
->FireFox cache emptied: 235621383 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3014 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13372396 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13364697 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 1041 bytes
Total Files Cleaned = 252,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_121722
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\etilqs_88bclCq1yzvOapATrno0 not found!
File\Folder C:\Windows\temp\etilqs_9DdTDvZ8STFM6LI5TD7q not found!
File\Folder C:\Windows\temp\etilqs_B9sU3JAkOullhRR94XDa not found!
File\Folder C:\Windows\temp\etilqs_qnSveQjsTrH5fzwZ49Ct not found!
File\Folder C:\Windows\temp\etilqs_zJGyB3ZfMQZqVXs0CaU3 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.03.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Christine :: CHRISTINE-PC [administrator]
03.03.2013 12:37:21
mbar-log-2013-03-03 (12-37-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26990
Time elapsed: 8 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 03/03/2013 um 12:39:04 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Christine - CHRISTINE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christine\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Christine\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Christine\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Christine\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Christine\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Christine\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Christine\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Christine\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Christine\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\69z56hot.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\69z56hot.default\Smartbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15673FBD-5522-421A-BC27-54CE34240534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DC1AB74-EC2A-4444-997F-AD680D3C4D79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB --> hxxp://www.google.com
-\\ Mozilla Firefox v12.0 (de)
Datei : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\69z56hot.default\prefs.js
C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\69z56hot.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.UserID", "UN30373501668611702");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.keyword", true);
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "0");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1338837338932");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1338837347236");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1339659640634");
Gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1338837341215");
Gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1339659640663");
Gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1339332524776");
Gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1338837339598");
Gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1339659640896");
Gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1339659640401");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1338837341145");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1339659640750");
Gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1339659640646");
Gelöscht : user_pref("CT2269050.settingsINI", true);
Gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2269050.smartbar.homepage", true);
Gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gelöscht : user_pref("CT2269050.startPage", "userChanged");
Gelöscht : user_pref("CT2269050.toolbarBornServerTime", "4-6-2012");
Gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "14-6-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "tt=050412_30");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "7c2c69e7000000000000c417fe850db9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "7c2c69e7000000000000c417fe850db9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15439");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:08:55");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [19507 octets] - [03/03/2013 12:39:04]
########## EOF - C:\AdwCleaner[S1].txt - [19568 octets] ##########
|
|
03.03.2013, 14:15
| #8 |
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ? Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
03.03.2013, 19:23
| #9 |
| | Bka Trojaner 2.11 Befall beseitigen ? Hier nun die Logfiles: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-03 16:14:01
-----------------------------
16:14:01.966 OS Version: Windows 6.1.7601 Service Pack 1
16:14:01.966 Number of processors: 2 586 0x170A
16:14:01.966 ComputerName: CHRISTINE-PC UserName: Christine
16:14:06.209 Initialize success
16:16:28.409 AVAST engine defs: 13030300
16:17:08.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:17:08.470 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
16:17:08.486 Disk 0 MBR read successfully
16:17:08.486 Disk 0 MBR scan
16:17:08.579 Disk 0 Windows VISTA default MBR code
16:17:08.579 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:17:08.595 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:17:08.626 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
16:17:08.642 Disk 0 scanning sectors +488395120
16:17:08.704 Disk 0 scanning C:\Windows\system32\drivers
16:17:25.739 Service scanning
16:17:52.618 Modules scanning
16:18:00.605 Disk 0 trace - called modules:
16:18:00.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:18:00.637 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c99880]
16:18:00.652 3 CLASSPNP.SYS[8b9a759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86235028]
16:18:01.994 AVAST engine scan C:\Windows
16:18:06.175 AVAST engine scan C:\Windows\system32
16:23:21.935 AVAST engine scan C:\Windows\system32\drivers
16:23:42.246 AVAST engine scan C:\Users\Christine
16:31:45.457 AVAST engine scan C:\ProgramData
16:33:12.380 Scan finished successfully
16:34:46.932 Disk 0 MBR has been saved successfully to "C:\Users\Christine\Desktop\Virenprogramme\logfiles\MBR.dat"
16:34:46.932 The log file has been saved successfully to "C:\Users\Christine\Desktop\Virenprogramme\logfiles\aswMBR.txt"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=06797961a7b445458fe4d177364ba03f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-30 02:04:03
# local_time=2011-05-30 04:04:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 835997 835997 0 0
# compatibility_mode=5893 16776573 100 94 79330 59198318 0 0
# compatibility_mode=8192 67108863 100 0 206 206 0 0
# scanned=117645
# found=1
# cleaned=0
# scan_time=4667
C:\Users\Christine\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=06797961a7b445458fe4d177364ba03f
# engine=13287
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-03 04:56:55
# local_time=2013-03-03 05:56:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 26597 227753105 19376 0
# compatibility_mode=5893 16776574 100 94 3384859 113961006 0 0
# scanned=43710
# found=0
# cleaned=0
# scan_time=4603
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=06797961a7b445458fe4d177364ba03f
# engine=13289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-03 06:10:48
# local_time=2013-03-03 07:10:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 9426 227757538 2199 0
# compatibility_mode=5893 16776574 100 94 3389292 113965439 0 0
# scanned=137351
# found=1
# cleaned=0
# scan_time=4139
sh=85EAE0A3A89A8483030F2F7A709F8B0BB4BA82A4 ft=0 fh=0000000000000000 vn="JS/Agent.NID trojan" ac=I fn="C:\_OTL\MovedFiles\03032013_121722\C_ProgramData\9466625.js"
Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Java(TM) 6 Update 30 Java version out of Date! Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
04.03.2013, 14:05
| #10 |
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ? Alles Windows Updates einspielen, inkl. Internet Explorer! http://windowsupdate.microsoft.com Aktualisiere:
Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
04.03.2013, 21:49
| #11 |
| | Bka Trojaner 2.11 Befall beseitigen ? habe alles so ausgeführt-erster Plugin Check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 19.0 ist aktuell Flash (11,6,602,171) ist aktuell. Java (1,7,0,15) ist aktuell. Adobe Reader 10,1,6,1 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Habe nochmals versucht Adope Reader zu aktualisieren. Da kommt aber eine Warnung von Avira. Infizierte Datei gefunden und der Vorgang wird abgebrochen. Zweiter Plug-in Check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 19.0 ist aktuell Flash (11,6,602,171) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,6,1 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Außerdem öffnet sich bei Firefox ein Fenster mit der Meldung: Fehler beim Laden! Sie brauchen einen neuen Player!??? Noch eine Frage, muß ich den Internet Explorer installiert lassen, wenn ich lieber mit Firefox arbeiten möchte? Kelches Schutzprogramm würdest Du mir empfehlen? Gibt es zur Zeit etwas mit mehr Sicherheit als Avira? Lg b.langs Ich schreibe noch mal, weil meine Direktantworte anscheinend nicht ankam. Hier der erste Login-Check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 19.0 ist aktuell Flash (11,6,602,171) ist aktuell. Java (1,7,0,15) ist aktuell. Adobe Reader 10,1,6,1 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Hier der Zweite: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 19.0 ist aktuell Flash (11,6,602,171) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,6,1 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Den Adobe Reader habe ich nicht runtergeladen bekommen, da eine Virusmeldung kam und der Vorgang automatisch abgebrochen wurde. Oder ist das normal und ich muß Avira ausschalten? Kann ich eigentlich auch Firefox benutzen anstatt Internet Explorer und den wieder runterschmeißen oder ist der Wichtig? Welchen Anti-Spy-ware/ Viren/ Trojaner Schutzprogramm kannst Du mir denn empfehlen? Lg. b.langs |
|
05.03.2013, 13:05
| #12 | |||
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ?Zitat:
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Zitat:
Den kann man nicht deinstallieren. Immer aktuell halten. Zitat:
|
|
05.03.2013, 19:37
| #13 |
| | Bka Trojaner 2.11 Befall beseitigen ? Screenshot: im Anhang Logfile: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.8 (03.04.2013:1) OS: Windows 7 Professional x86 Ran by Christine on 05.03.2013 at 19:22:47,56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] browserprotect Successfully deleted: [Service] browserprotect ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{82e1477c-b154-48d3-9891-33d83c26bcd3} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-164884659-168407969-2746656569-1000\software\microsoft\internet explorer\main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1 Successfully deleted: [Registry Key] hkey_local_machine\software\babylon Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer Failed to delete: [Registry Key] hkey_current_user\software\datamngr Failed to delete: [Registry Key] hkey_local_machine\software\datamngr Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro Successfully deleted: [Registry Key] hkey_current_user\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.BHO.1 Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021810.Sandbox.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.BHO.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021810.Sandbox.1 Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a6174f27-1fff-e1d6-a93f-ba48ad5dd448} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a6174f27-1fff-e1d6-a93f-ba48ad5dd448} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c1af5fa5-852c-4c90-812e-a7f75e011d87} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1af5fa5-852c-4c90-812e-a7f75e011d87} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\browserprotect" Successfully deleted: [Folder] "C:\ProgramData\sweetim" Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\babsolution" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\dealply" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\delta" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\optimizer pro" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\pdfforge" Successfully deleted: [Folder] "C:\Program Files\dealply" Successfully deleted: [Folder] "C:\Program Files\delta" Successfully deleted: [Folder] "C:\Program Files\optimizer pro" Failed to delete: [Folder] "C:\Program Files\sweetim" Successfully deleted: [Folder] "C:\Program Files\sweetpacks bundle uninstaller" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro" Successfully deleted: [Folder] "C:\Users\Christine\AppData\Roaming\microsoft\windows\start menu\programs\browserprotect" ~~~ FireFox Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\user.js Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\bprotector_prefs.js Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\searchplugins\delta.xml Successfully deleted: [File] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\searchplugins\sweetim.xml Successfully deleted: [Folder] C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\extensions\ffxtlbr@delta.com Successfully deleted the following from C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\prefs.js user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={886BDB59-84FF-11E2-BBEA-C417FEFFCE2D}"); user_pref("browser.search.defaultenginename", "SweetIM Search"); user_pref("browser.search.selectedEngine", "Delta Search"); user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=7c2c69e7000000000000c417fe850db9"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=7c2c69e7000000000000c417fe850db9"); user_pref("extensions.crossrider.bic", "13d36db13422f3ae4230e3fd1fb079e2"); user_pref("extensions.crossriderapp21810.21810.InstallationThankYouPage", true); user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1362424862); user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.searchUserConifrmation", false); user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setHomepage", false); user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setNewTab", false); user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setSearch", false); user_pref("extensions.crossriderapp21810.21810.active", true); user_pref("extensions.crossriderapp21810.21810.addressbar", ""); user_pref("extensions.crossriderapp21810.21810.addressbarenhanced", ""); user_pref("extensions.crossriderapp21810.21810.backgroundjs", "\n\n//\n"); user_pref("extensions.crossriderapp21810.21810.backgroundver", 33); user_pref("extensions.crossriderapp21810.21810.can_run_bg_code", true); user_pref("extensions.crossriderapp21810.21810.certdomaininstaller", ""); user_pref("extensions.crossriderapp21810.21810.changeprevious", false); user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.value", "1362424862"); user_pref("extensions.crossriderapp21810.21810.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.value", "1362424862"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.expiration", "Tue Mar 05 2013 19:07:57 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%22141543%26pid%3D1382%5C%22%3A%7Bs%3A%5B%5C%2 user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.expiration", "Tue Mar 05 2013 19:07:57 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.expiration", "Mon Mar 11 2013 21:35:07 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.value", "%22DE%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.value", "1362506728"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.value", "%221361906569%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.value", "%221%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2258429%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2258429%26 user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.value", "%221361906569%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.value", "%2214019%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.value", "1362429314225"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.value", "%221171%22"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_sr[appround.net].expiration", "Tue Mar 12 2013 12:50:44 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_sr[appround.net].value", "1362484244"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.value", "%22152473%22"); user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.value", "1362429306439"); user_pref("extensions.crossriderapp21810.21810.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!"); user_pref("extensions.crossriderapp21810.21810.domain", ""); user_pref("extensions.crossriderapp21810.21810.enablesearch", false); user_pref("extensions.crossriderapp21810.21810.fbremoteurl", ""); user_pref("extensions.crossriderapp21810.21810.group", 0); user_pref("extensions.crossriderapp21810.21810.homepage", ""); user_pref("extensions.crossriderapp21810.21810.iframe", false); user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22E035D932DC6F4512BEA7039BCB94FBE0IE%22%2C%22installer_verifi user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.value", "49"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.expiration", "Wed Mar 06 2013 01:02:54 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWa user_pref("extensions.crossriderapp21810.21810.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN: user_pref("extensions.crossriderapp21810.21810.manifesturl", ""); user_pref("extensions.crossriderapp21810.21810.name", "Giant Savings Extension"); user_pref("extensions.crossriderapp21810.21810.newtab", ""); user_pref("extensions.crossriderapp21810.21810.opensearch", ""); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.name", "base"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.ver", 4); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.ver", 15); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function( user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.name", "GPL Background (BG)"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.ver", 34); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.name", "CrossriderAppUtils"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.ver", 2); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.ver", 2); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"& user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.name", "FFAppAPIWrapper"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.ver", 5); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.name", "jQuery"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.ver", 3); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.name", "resources"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 2); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.name", "resources_background"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 1); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);} user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l= user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.name", "appApiValidation"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 1); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo"); user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2); user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"); user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28"); user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); user_pref("extensions.crossriderapp21810.21810.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/21810/plugins/087/ff/plugins.json"); user_pref("extensions.crossriderapp21810.21810.pluginsversion", 43); user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps"); user_pref("extensions.crossriderapp21810.21810.searchstatus", 0); user_pref("extensions.crossriderapp21810.21810.setnewtab", false); user_pref("extensions.crossriderapp21810.21810.settingsurl", ""); user_pref("extensions.crossriderapp21810.21810.thankyou", ""); user_pref("extensions.crossriderapp21810.21810.updateinterval", 360); user_pref("extensions.crossriderapp21810.21810.ver", 49); user_pref("extensions.crossriderapp21810.apps", "21810"); user_pref("extensions.crossriderapp21810.bic", "13d36db13422f3ae4230e3fd1fb079e2"); user_pref("extensions.crossriderapp21810.cid", 21810); user_pref("extensions.crossriderapp21810.firstrun", false); user_pref("extensions.crossriderapp21810.hadappinstalled", true); user_pref("extensions.crossriderapp21810.installationdate", 1362424960); user_pref("extensions.crossriderapp21810.lastcheck", 22708443); user_pref("extensions.crossriderapp21810.lastcheckitem", 22708446); user_pref("extensions.crossriderapp21810.modetype", "production"); user_pref("extensions.crossriderapp21810.reportInstall", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.bbDpng", "5"); user_pref("extensions.delta.cntry", "DE"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.hdrMd5", "A2649ED64E2602443DEA080371F457AF"); user_pref("extensions.delta.id", "7c2c69e7000000000000c417fe850db9"); user_pref("extensions.delta.instlDay", "15768"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.lastVrsnTs", "1.8.10.021:38:44"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.sg", "azb"); user_pref("extensions.delta.smplGrp", "azb"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.10.0"); user_pref("extensions.delta.vrsnTs", "1.8.10.021:38:44"); user_pref("extensions.delta.vrsni", "1.8.10.0"); user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={886BDB59-84FF-11E2-BBEA-C417FEFFCE2D}&q="); user_pref("sweetim.toolbar.RevertDialog.enable", "false"); user_pref("sweetim.toolbar.SearchBoxLogo", ""); user_pref("sweetim.toolbar.SearchBoxText", ""); user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); user_pref("sweetim.toolbar.Visibility.enable", "true"); user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); user_pref("sweetim.toolbar.defaultProvider", ""); user_pref("sweetim.toolbar.dialogs.0.enable", "true"); user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); user_pref("sweetim.toolbar.dialogs.0.height", "335"); user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.dialogs.0.width", "761"); user_pref("sweetim.toolbar.dialogs.1.enable", "true"); user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); user_pref("sweetim.toolbar.dialogs.1.height", "300"); user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); user_pref("sweetim.toolbar.dialogs.1.width", "500"); user_pref("sweetim.toolbar.dialogs.2.enable", "true"); user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); user_pref("sweetim.toolbar.dialogs.2.height", "150"); user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); user_pref("sweetim.toolbar.dialogs.2.width", "530"); user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.newtab.created", "true"); user_pref("sweetim.toolbar.newtab.enable", "true"); user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;"); user_pref("sweetim.toolbar.previous.browser.newtab.url", "hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=7c2c69e7000000000000c417fe850db9"); user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/"); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;"); user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.0.enable", "false"); user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.1.enable", "false"); user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); user_pref("sweetim.toolbar.scripts.2.callback", ""); user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); user_pref("sweetim.toolbar.scripts.2.enable", "false"); user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.searchguard.enable", "false"); user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); user_pref("sweetim.toolbar.simapp_id", "{886BDB59-84FF-11E2-BBEA-C417FEFFCE2D}"); user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$toolbar_id;"); user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp"); user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010006.10037&barid={886BDB59-84FF-11E2-BBEA-C417FEFFCE2D}"); user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy"); user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id;"); user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/"); user_pref("sweetim.toolbar.version", "1.11.0.2"); Emptied folder: C:\Users\Christine\AppData\Roaming\mozilla\firefox\profiles\69z56hot.default\minidumps [393 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.03.2013 at 19:25:46,23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Es grüßt b.langs |
|
05.03.2013, 23:20
| #14 |
| /// Helfer-Team | Bka Trojaner 2.11 Befall beseitigen ? |
|
06.03.2013, 19:17
| #15 |
| | Bka Trojaner 2.11 Befall beseitigen ? So nicht das du jetzt verwirrt bist, meine Freundin hat seit dem Schritt mit dem Windows aktualisieren mit Dir kommuniziert und die weiteren Schritte ausgeführt, da ich auf Arbeit auswärts war. Ich habe ihr gesagt, Sie kann mit dem Pc arbeiten er sieht sicher aus und sie soll mir die Antworten und die nächsten Schritte die Du vorschlägst weiterleiten. Nun da ich wieder da bin, sehe ich, dass sie mit Dir weitergegangen ist und weiter gearbeitet, allerdings hat Sie ein paar Dinge getan, die wohl nicht ganz richtig waren. Das grosse Problem war, dass sie anstatt den Adobe Pdf Reader zu aktualisieren versucht hat, über die Download Seite, die Du vorgeschlagen hast, hat sie auf download gedrückt und sich diese Werbung installiert.  Dabei hat sich wohl auch Avira gemeldet und sie hat mehrmals das gleiche wiederholt und sie hat sich auch noch ein paar Toolbars eingefangen. Deswegen wohl auch dieser merkwürdige Screenshot von Firefox, das ist ein Reader der sich versucht zu aktualisieren. Alle anderen Schritte hat sie richtig vollzogen. So habe jetzt versucht den meisten Kram runterzuschmeissen ein Add on im Firefox kriege ich aber nicht los. Sorry hoffe du siehst durch. Hier der Bericht den du angefordert hast. Code:
ATTFilter Anwendung: Firefox 19.0 (20130215130331)
Betriebssystem: WINNT (x86-msvc)
- Extension List Dumper 1.15.2
6. März 2013, 17:57:38
6. März 2013, 17:55:39
- HP Smart Web Printing 4.5 (deaktiviert, inkompatibel)
7. Juni 2010, 12:12:14
- LyricsPal 1.110 (deaktiviert)
4. März 2013, 20:13:22
- Skype extension 5.0.0.6906 (deaktiviert, inkompatibel)
2. Februar 2011, 23:56:32
Geändert von b.langs (06.03.2013 um 19:23 Uhr) |
|
| Themen zu Bka Trojaner 2.11 Befall beseitigen ? |
| abgesicherten, autostart, befall, beseitigen, dell pc, dll, entfernt, gelöscht, gestartet, heute, hinweise, infiziert, infizierte, interne, internetverbindung, logfile, malwarebytes, modus, notebook, professionel, service, sofort, trojaner, verbindung, version, win |
Linear-Darstellung
