Log analysis and evaluation: Win Vista infected since GVU Trojan attack with JAVA viruses + Exploit EXP on drive C:\

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.08.2013, 17:28  #1
Win Vista infected since GVU Trojan attack with JAVA viruses + Exploit EXP on drive C:\

Hello,

a while ago I had a GVU Trojan on my laptop (Windows Vista), which also accessed my webcam and told me that my computer was locked and that I could only unlock it again by paying "100 euros" via paysafecard, "to avoid other legal consequences". At the very top, in a bar, a logo of the "Bundesamt für Sicherheit in der Informationstechnik" was displayed. Thanks to my girlfriend I was able to remove the lock, but since then I have been struggling with the fact that my computer is still infested with malware. I notice this especially in my browser (Google Chrome), where I constantly get strange ads displayed (I was able to identify these programs as, among others, "Search.fbdownloader.com", "snap.do" and "instantsavings").

Now I finally wanted to rid my computer of all that stuff, so I ran the necessary scans according to the instructions from trojaner-board.de and created the three requested log files (FRST, Addition, Gmer), and additionally ran a scan with Avira, which registered 80 detections: namely various "JAVA virus" and "Exploit EXP" detections on drive C:\

I very much hope you can help me remove this malware. Here are my log files from Avira, Addition and Gmer (for the FRST log see the attachment, as it was too long for this post):

-----------------------------------------------------------------------------------------
1. AVIRA log file
-----------------------------------------------------------------------------------------
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 23. August 2013  12:40

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : SEBASTIAN-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3885     54851 Bytes  01.08.2013 08:55:00
AVSCAN.EXE     : 13.6.0.1722    634936 Bytes  09.07.2013 20:11:16
AVSCANRC.DLL   : 13.6.0.1550     62520 Bytes  09.07.2013 20:11:16
LUKE.DLL       : 13.6.0.1550     65080 Bytes  09.07.2013 20:11:29
AVSCPLR.DLL    : 13.6.0.1712     92216 Bytes  09.07.2013 20:11:16
AVREG.DLL      : 13.6.0.1550    247864 Bytes  09.07.2013 20:11:16
avlode.dll     : 13.6.2.1704    449592 Bytes  09.07.2013 20:11:15
avlode.rdf     : 13.0.1.40       26825 Bytes  22.08.2013 17:57:44
VBASE000.VDF   : 7.11.70.0    66736640 Bytes  04.04.2013 14:31:19
VBASE001.VDF   : 7.11.74.226   2201600 Bytes  30.04.2013 17:51:17
VBASE002.VDF   : 7.11.80.60    2751488 Bytes  28.05.2013 14:33:25
VBASE003.VDF   : 7.11.85.214   2162688 Bytes  21.06.2013 20:51:41
VBASE004.VDF   : 7.11.91.176   3903488 Bytes  23.07.2013 12:54:14
VBASE005.VDF   : 7.11.91.177      2048 Bytes  23.07.2013 12:54:15
VBASE006.VDF   : 7.11.91.178      2048 Bytes  23.07.2013 12:54:16
VBASE007.VDF   : 7.11.91.179      2048 Bytes  23.07.2013 12:54:16
VBASE008.VDF   : 7.11.91.180      2048 Bytes  23.07.2013 12:54:16
VBASE009.VDF   : 7.11.91.181      2048 Bytes  23.07.2013 12:54:17
VBASE010.VDF   : 7.11.91.182      2048 Bytes  23.07.2013 12:54:17
VBASE011.VDF   : 7.11.91.183      2048 Bytes  23.07.2013 12:54:17
VBASE012.VDF   : 7.11.91.184      2048 Bytes  23.07.2013 12:54:17
VBASE013.VDF   : 7.11.92.32     156160 Bytes  24.07.2013 19:05:03
VBASE014.VDF   : 7.11.92.147    168960 Bytes  25.07.2013 18:52:47
VBASE015.VDF   : 7.11.93.93     419328 Bytes  28.07.2013 15:24:05
VBASE016.VDF   : 7.11.93.170   1403392 Bytes  29.07.2013 14:27:35
VBASE017.VDF   : 7.11.94.31     222208 Bytes  31.07.2013 21:47:36
VBASE018.VDF   : 7.11.94.141    273408 Bytes  03.08.2013 10:38:07
VBASE019.VDF   : 7.11.94.203    200192 Bytes  04.08.2013 16:39:31
VBASE020.VDF   : 7.11.95.8     1925632 Bytes  05.08.2013 18:45:12
VBASE021.VDF   : 7.11.95.81     203776 Bytes  06.08.2013 18:42:40
VBASE022.VDF   : 7.11.95.175    148480 Bytes  07.08.2013 19:29:52
VBASE023.VDF   : 7.11.95.248   1224192 Bytes  09.08.2013 16:05:49
VBASE024.VDF   : 7.11.96.43     861184 Bytes  10.08.2013 12:16:51
VBASE025.VDF   : 7.11.97.50    1084416 Bytes  19.08.2013 13:13:56
VBASE026.VDF   : 7.11.97.133    369664 Bytes  21.08.2013 14:57:07
VBASE027.VDF   : 7.11.97.134      2048 Bytes  21.08.2013 14:57:07
VBASE028.VDF   : 7.11.97.135      2048 Bytes  21.08.2013 14:57:07
VBASE029.VDF   : 7.11.97.136      2048 Bytes  21.08.2013 14:57:07
VBASE030.VDF   : 7.11.97.137      2048 Bytes  21.08.2013 14:57:07
VBASE031.VDF   : 7.11.97.218    178688 Bytes  23.08.2013 08:24:15
Engineversion  : 8.2.12.106
AEVDF.DLL      : 8.1.3.4        102774 Bytes  15.06.2013 09:21:46
AESCRIPT.DLL   : 8.1.4.142      512382 Bytes  16.08.2013 09:43:29
AESCN.DLL      : 8.1.10.4       131446 Bytes  26.03.2013 15:45:17
AESBX.DLL      : 8.2.16.22     1241464 Bytes  16.08.2013 09:43:30
AERDL.DLL      : 8.2.0.128      688504 Bytes  15.06.2013 09:21:44
AEPACK.DLL     : 8.3.2.24       749945 Bytes  20.06.2013 15:33:15
AEOFFICE.DLL   : 8.1.2.76       205181 Bytes  08.08.2013 19:30:38
AEHEUR.DLL     : 8.1.4.556     6115706 Bytes  16.08.2013 09:43:29
AEHELP.DLL     : 8.1.27.4       266617 Bytes  27.06.2013 15:35:02
AEGEN.DLL      : 8.1.7.12       442743 Bytes  08.08.2013 19:29:55
AEEXP.DLL      : 8.4.1.46       287095 Bytes  08.08.2013 19:30:48
AEEMU.DLL      : 8.1.3.2        393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.31.6       201081 Bytes  27.06.2013 15:35:02
AEBB.DLL       : 8.1.1.4         53619 Bytes  05.11.2012 14:00:38
AVWINLL.DLL    : 13.6.0.1550     23608 Bytes  09.07.2013 20:11:11
AVPREF.DLL     : 13.6.0.1550     48184 Bytes  09.07.2013 20:11:15
AVREP.DLL      : 13.6.0.1550    175672 Bytes  09.07.2013 20:11:16
AVARKT.DLL     : 13.6.0.1626    258104 Bytes  09.07.2013 20:11:13
AVEVTLOG.DLL   : 13.6.0.1550    164920 Bytes  09.07.2013 20:11:14
SQLITE3.DLL    : 3.7.0.1        397704 Bytes  18.12.2012 08:31:21
AVSMTP.DLL     : 13.6.0.1550     59960 Bytes  09.07.2013 20:11:17
NETNT.DLL      : 13.6.0.1550     13368 Bytes  09.07.2013 20:11:29
RCIMAGE.DLL    : 13.4.0.360    4780832 Bytes  28.11.2012 14:09:40
RCTEXT.DLL     : 13.6.0.1624     67128 Bytes  09.07.2013 20:11:11

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 23. August 2013  12:40

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'FlashPlayerUpdateService.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclRSSrv.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclUSBSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSuite.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'p2phost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOSCDSPD.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneClone.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'UnlockerAssistant.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmoothView.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'CEC_MAIN.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'traybar.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOPI.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toshiba.Tempo.UI.TrayApplication.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsscp.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdate.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '203' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartFaceVWatchSrv.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosIPCSrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TempoSVC.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'IGDCTRL.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'cmw_srv.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4808' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Vista>
  [0] Archivtyp: RSRC
  --> C:\Program Files\PC Connectivity Solution\WUDFUpdate_01009.dll
  [1] Archivtyp: RSRC
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4007700e-359fb71c
  [2] Archivtyp: ZIP
  --> tkjqmvlsct/afwjuqn.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.K
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/bagpypqhhjvqtbjvygtcapk.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.C
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/dhfakmduwsfnhe.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.B
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ebcmpacapknt.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.J
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fbanlqmnldljtnjkruwptew.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.A
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fcfsybs$uhlhuethraalvj.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.I
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fcfsybs.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.H
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/hwcfrrwvmqgtdfhygwyrwdauh.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.G
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ktrjwjpelmqujylev.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.F
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/lvpvewkdpunbs.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.E
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/phjeefrjkqwnkdmrsql.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.D
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/qdqndukccuajessygpquje.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.O
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/rbuvpktypdq.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.M
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ukrrcrbduq.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4007700e-359fb71c
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4a03bf91-288bcdce
  [2] Archivtyp: ZIP
  --> Archive.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.A.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Grucs.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.TTZ.42
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Ntona.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.wqp.33
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Ogovu.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.TTZ.43
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Totke.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.HLP.OB
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4a03bf91-288bcdce
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.HLP.OB
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4d676c9b-59a65641
  [2] Archivtyp: ZIP
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> bpac/purok.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4d676c9b-59a65641
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79812b43-66bc0d41
  [2] Archivtyp: ZIP
  --> tkjqmvlsct/afwjuqn.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.K
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/bagpypqhhjvqtbjvygtcapk.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.C
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/dhfakmduwsfnhe.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.B
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ebcmpacapknt.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.J
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fbanlqmnldljtnjkruwptew.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.A
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fcfsybs$uhlhuethraalvj.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.I
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/fcfsybs.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.H
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/hwcfrrwvmqgtdfhygwyrwdauh.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.G
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ktrjwjpelmqujylev.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.F
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/lvpvewkdpunbs.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.E
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/phjeefrjkqwnkdmrsql.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.D
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/qdqndukccuajessygpquje.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.O
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/rbuvpktypdq.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.M
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> tkjqmvlsct/ukrrcrbduq.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79812b43-66bc0d41
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\659b0a7-6215195b
  [2] Archivtyp: ZIP
  --> Main.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.A.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Pdorys.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.EL
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Tiysi.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.A.49
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Vanal.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.AX
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\659b0a7-6215195b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.AX
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f406fb0-2ed883db
  [2] Archivtyp: ZIP
  --> durdom/Glocker.class
      [FUND]      Ist das Trojanische Pferd TR/Downloader.OpenConnection.AS
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> durdom/huiak.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> durdom/Stremer.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.L
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f406fb0-2ed883db
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.L
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1a98d9b1-77eda908
  [2] Archivtyp: ZIP
  --> Basics.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.LN
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Bibica.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.LN
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Biiuris.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.A.202
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Button.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.A.203
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Dizink.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.B.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Glickval.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.A.205
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Kossi.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.A.206
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> MNone.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.LN
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Zend.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.A.207
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Generol.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.IO
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1a98d9b1-77eda908
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.IO
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2f1b0f33-70294933
  [2] Archivtyp: ZIP
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> bpac/purok.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2f1b0f33-70294933
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\415fc83c-433e0347
  [2] Archivtyp: ZIP
  --> a6a7a760c0e
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Mesdeh.D
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> aa79d1019d8.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> a4cb9b1a8a5.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Mabowl.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> a66d578f084.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.EZ
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> ab16db71cdc.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.FH
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> ab5601d4848.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/C-2008-5353.VW
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> ae28546890f.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.FJ
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> af439f03798.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.FK
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\415fc83c-433e0347
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.FK
  --> C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\67db70bc-27b94a8a
  [2] Archivtyp: ZIP
  --> Rleh/Fhtagn.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A2.Gen
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> Rleh/poliko.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.55
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> utilits/bobonko.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.IF
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> utilits/coon.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.A.82
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
  --> utilits/pinupa.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HO
      [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\67db70bc-27b94a8a
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HO
Beginne mit der Suche in 'E:\' <Data>

Beginne mit der Desinfektion:
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\67db70bc-27b94a8a
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HO
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54acd019.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\415fc83c-433e0347
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.FK
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c0cffb8.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2f1b0f33-70294933
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e57a505.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1a98d9b1-77eda908
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.IO
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7878eac2.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f406fb0-2ed883db
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenStream.L
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3debc7af.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\659b0a7-6215195b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-1493.AX
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42e7f5c9.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79812b43-66bc0d41
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0e40d98f.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4d676c9b-59a65641
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '725a9983.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4a03bf91-288bcdce
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.HLP.OB
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5f0ab6cb.qua' verschoben!
C:\Users\Sebastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4007700e-359fb71c
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Belet.L
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46628d00.qua' verschoben!

Ende des Suchlaufs: Freitag, 23. August 2013  17:15
Benötigte Zeit:  4:33:08 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  36928 Verzeichnisse wurden überprüft
 841868 Dateien wurden geprüft
     80 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
     10 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 841788 Dateien ohne Befall
   8691 Archive wurden durchsucht
     70 Warnungen
     10 Hinweise
 986086 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

-----------------------------------------------------------------------------------------
2. ADDITION log file
-----------------------------------------------------------------------------------------
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-08-2013
Ran by Sebastian at 2013-08-23 11:32:46
Running from C:\Users\Sebastian\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5)
Advanced Renamer (Version: 3.55)
AimOne Video Joiner 1.14
Akamai NetSession Interface Service
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
AMR to MP3 Converter 1.4
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression (Version: 1.5.42.1191)
Ask Toolbar (Version: 1.15.26.0)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Audiofan MP3 to Wave Converter 1.3 (Version: 1.3)
AudioJack 3 (Version: 3.08.0215)
Avanquest update (Version: 1.34)
AVI To MP3 Converter 1.00
Avira Free Antivirus (Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.6.45268)
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
AVM FRITZ!DSL (Version: 2.04.02)
AVS Audio CD Grabber version 4.1
AVS Audio Converter 7
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
bildschirmschoner_update
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 3.0.0.10)
Camera Assistant Software for Toshiba (Version: 1.7.193.0508L)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization French (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization German (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Portuguese (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895)
CCC Help Chinese Standard (Version: 2008.0422.2138.36895)
CCC Help Chinese Traditional (Version: 2008.0422.2138.36895)
CCC Help Czech (Version: 2008.0422.2138.36895)
CCC Help Danish (Version: 2008.0422.2138.36895)
CCC Help Dutch (Version: 2008.0422.2138.36895)
CCC Help English (Version: 2008.0422.2138.36895)
CCC Help Finnish (Version: 2008.0422.2138.36895)
CCC Help French (Version: 2008.0422.2138.36895)
CCC Help German (Version: 2008.0422.2138.36895)
CCC Help Greek (Version: 2008.0422.2138.36895)
CCC Help Hungarian (Version: 2008.0422.2138.36895)
CCC Help Italian (Version: 2008.0422.2138.36895)
CCC Help Japanese (Version: 2008.0422.2138.36895)
CCC Help Korean (Version: 2008.0422.2138.36895)
CCC Help Norwegian (Version: 2008.0422.2138.36895)
CCC Help Polish (Version: 2008.0422.2138.36895)
CCC Help Portuguese (Version: 2008.0422.2138.36895)
CCC Help Russian (Version: 2008.0422.2138.36895)
CCC Help Spanish (Version: 2008.0422.2138.36895)
CCC Help Swedish (Version: 2008.0422.2138.36895)
CCC Help Thai (Version: 2008.0422.2138.36895)
CCC Help Turkish (Version: 2008.0422.2138.36895)
ccc-core-static (Version: 2008.0422.2139.36895)
ccc-utility (Version: 2008.0422.2139.36895)
CCleaner (Version: 4.00)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
CDBurnerXP (Version: 4.3.7.2356)
Click MusicalKEYS (HKCU Version: 1.0.0.10)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CuteFTP 8 Home (Version: 8.3.2)
CyberGhost VPN
DarkWave Studio 2.9.8 (Version: 2.9.8)
deviantART Favorites Downloader (Version: 1.2.0)
Disc2Phone (Version: 1.5.185)
DivX (Version: 6.0)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Web Player (Version: 1.4.2)
DVD MovieFactory for TOSHIBA (Version: 5.51)
DVD Ripper Wizard
DVD Shrink 3.2 deutsch (DeCSS-frei)
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
Express Burn
Express Rip
Express Zip Dateikomprimierungs-Software
FLAC to MP3 Converter 6.1.9
FormatFactory 2.60 (Version: 2.60)
Free 3GP Video Converter version 5.0.27.717 (Version: 5.0.27.717)
Free M4a to MP3 Converter 7.0
Free WAV to MP3 Converter (Version: 1.0)
Free YouTube Download version 3.2.7.711 (Version: 3.2.7.711)
Free YouTube to MP3 Converter Studio 7.1
FreeStar Free WAV MP3 Converter 1.0.4 (Version: 1.0.4)
freeTunes*3.0 (Version: 3.0.12.1029)
Freez FLV to MP3 Converter (Version: 1.5)
Google Chrome (Version: 29.0.1547.57)
Google Chrome Frame (Version: 65.119.72)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
Gothic
GPL Ghostscript 8.63
Gskstudio Xnxx Downloader v 3.5.0.0
Haali Media Splitter
Hotspot Shield 3.11 (Version: 3.11)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Deskjet 2050 J510 series Hilfe (Version: 140.0.61.61)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 11.0.0.163)
IVR to WMV MP3 Converter 2.0
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Java(TM) 6 Update 39 (Version: 6.0.390)
K-Lite Codec Pack 5.4.4 (Basic) (Version: 5.4.4)
Magic 3GP Video Converter 8.0.4.24
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Metacafe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
Microsoft Word 2000 (Version: 9.00.2816)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
MISCSOFTWARE.COM Product Key Viewer Demo
Mobile Master (Version: 7.5.4)
Motorola Driver Installation 4.5.0 (Version: 4.5.0)
Motorola Phone Tools (Version: 4.30)
Motorola Phone Tools (Version: 5.00)
Motorola Phone Tools (Version: 5.31a 05/13/2010)
Mozilla Firefox 4.0 (x86 de) (Version: 4.0)
MP3 and WAV Solutions 1
MP3 Player Utilities (Version: 1.36)
MP3 WAV Converter 2.65
mp3-2-wav converter 1.14
MSVC80_x86_v2 (Version: 1.0.3.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MurGee Auto Mouse Click 1.0 (Version: 1.0)
myphotobook 3.6 (Version: 3.6)
No23 Recorder (Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.29.0)
Nokia PC Suite (Version: 7.1.51.0)
Nuclear Coffee - VideoGet (Version: 2011)
OpenOffice.org 3.1 (Version: 3.1.9420)
PC Connectivity Solution (Version: 10.24.0.0)
PCSpeedUp
PDFCreator (Version: 0.9.8)
pdfforge Toolbar v1.1.1 (Version: 1.1.1)
pdfsam (HKCU Version: 2.2.0)
PhotoFiltre
Picasa 3 (Version: 3.8)
PiccShare (HKCU Version: 2.0)
QuickTime (Version: 7.73.80.64)
RAR Password Cracker 4.12
RAR Password Recovery Magic v6.1.1.95
Real Alternative 1.9.0 (Version: 1.9.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0026 Driver:6.1116.1226.2007)
Realtek USB 2.0 Card Reader (Version: )
Realtek WiFi Protected Setup Library (Version: Package:1.00.0026)
RealUpgrade 1.1 (Version: 1.1.0)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.80405)
Samsung PC Studio 3 (Version: 3.2.2.80705)
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Skins (Version: 2008.0422.2139.36895)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
SoftwareDepo MySpace.com Video Grabber 1.0.0.7
Sound Effect Maker version 1.2
Spybot - Search & Destroy (Version: 2.0.12)
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (Version: 22.0.334.0)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
The Core Media Player 4.0
TOSHIBA Assist (Version: 2.01.04)
TOSHIBA Benutzerhandbücher (Version: 7.40)
TOSHIBA ConfigFree (Version: 7.2.13)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.30.12)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.2.32)
TOSHIBA Hardware Setup (Version: 2.00.08)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 2.00.04)
Toshiba TEMPRO (Version: 1.2)
TOSHIBA Value Added Package (Version: 1.1.19)
Total Video Converter 3.50
TRDCReminder (Version: 1.00.0015)
Trojan Remover 6.8.5 (Version: 6.8.5)
TRORDCLauncher (Version: 1.0.0.1)
TubeHunter Ultra 4.31
TuneClone 2.20
UltimateZip (Version: 5.0.1.11)
Uniblue RegistryBooster 2010 Uninstall 1.0.0.1
Universal SCSI Controller (Version: 1.12.0.0)
Unlocker 1.9.0 (Version: 1.9.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
USB-MusicStick 250
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VLC media player 1.1.9 (Version: 1.1.9)
WavePad Audiobearbeitungs-Software
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
WinZip
Wise Registry Cleaner Free 5.61 (Version: 5.61)
WMA MP3 Converter v4.1 build 1296
WordPerfect Office X3
WordPerfect Office X3 (Version: 13.3)
WordToPDF 2.4 (Version: 2.4)
xHamster Video Downloader 3.22
Xilisoft MP3 WAV Converter (Version: 6.3.0.20120227)
YourFileDownloader (HKCU Version: 1.0.3)

==================== Restore Points =========================

22-08-2013 20:51:50 Removed SpyHunter
22-08-2013 20:54:50 Removed SpyHunter
22-08-2013 20:55:38 Removed SpyHunter
22-08-2013 20:59:17 Restore Operation
22-08-2013 21:29:17 Removed freeTunes*3.0

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {001825FE-FF28-4359-970F-A2501EFC5D3A} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe No File
Task: {005C5C05-9A4A-40DD-BA03-E9FC625DE055} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {0074DDB1-C275-47DF-B01F-36C7DBAEA818} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {00FC2979-CA65-4D41-AEA0-9EBA6E7262F3} - System32\Tasks\{9E1A4630-5DE4-4206-85B2-8187EAA208B8} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {1A055E22-13D8-4CB4-BB85-EC1130D771F5} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe No File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {233BD0AC-7815-414E-B825-40DDFDC9D1ED} - System32\Tasks\AmiUpdXp => C:\Users\Sebastian\AppData\Local\SwvUpdater\Updater.exe No File
Task: {2893354C-60BF-4002-AEAA-F8B3024CDD96} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {337E4D11-A745-4B1E-AA58-0F1EF57884CB} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe No File
Task: {36A1B81C-B1DD-49FC-8C17-4D4C134C0A0D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CF7A0F0-C76D-4ED0-B4DD-F10D3D903F1D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {454E6FBB-3856-4A73-A7DB-9307A9D1AB0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {4C4EA69E-3A39-4E5A-A476-9C73A93977FA} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\Protected Search\ProtectedSearch.exe No File
Task: {4E2E2EC3-2C43-4E95-8179-0D152A60C37D} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {53EAA3AA-B837-4565-8631-341ACD2C4E30} - System32\Tasks\NCH Software\wavepadDowngrade => C:\Program Files\NCH Software\WavePad\wavepad.exe [2012-05-09] (NCH Software)
Task: {579E2BA7-F318-41B5-99A5-68BC9DE4C273} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {5DE1C05B-606F-48A1-A7FB-AE60BF716D40} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5E2E7ED1-6BCA-4526-95FA-57D574EDEC1E} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe No File
Task: {6ACF4874-E8D4-40FF-831F-609697ECA17A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {72FCCB56-110D-4AC9-AC54-23DB03E9CD3C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe No File
Task: {742BF5DA-A8FC-48B4-A1BC-824F4AD242A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1964794115-2297393020-378249629-1000UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {7515D523-438B-493E-9081-15116D003324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {7AAAFAAB-B664-4093-ADFF-E7802EA46C70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1964794115-2297393020-378249629-1000Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {82653905-FBB3-48B9-8BBB-7EEF5E90D53F} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files\NCH Software\ExpressZip\ExpressZip.exe [2012-05-09] (NCH Software)
Task: {8944BB97-7C0A-4525-B570-86491E210A29} - System32\Tasks\User_Feed_Synchronization-{02653207-0637-447F-B9C7-8F48139372F2} => C:\Windows\system32\msfeedssync.exe [2013-07-24] (Microsoft Corporation)
Task: {8E85416D-0B0D-4D08-8E24-6E0BA78AB074} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe No File
Task: {8F68C9B5-C293-4AFE-AF81-1FD795335823} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe No File
Task: {9091440E-E146-4EDC-8FB4-E45DA4B6EF6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F798610-0DAC-4BA3-8E76-6A1B57543725} - System32\Tasks\NCH Software\ExpressRipDowngrade => C:\Program Files\NCH Software\ExpressRip\expressrip.exe [2013-04-05] (NCH Software)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {AD4B103E-EC57-4B06-BD5E-637A63612846} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe No File
Task: {B3669C64-2715-4A7E-B87C-D3F179342CA1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe No File
Task: {B77D6D9F-F875-4A58-A58D-F0CE182D60A7} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe No File
Task: {B9C99E31-12AE-4244-89D5-2374AA774B8F} - System32\Tasks\NCH Software\wavepadShakeIcon => C:\Program Files\NCH Software\WavePad\WavePad.exe [2012-05-09] (NCH Software)
Task: {BEEAB6A3-4FC5-41F8-8D3C-99E3C3244EA0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sebastian => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {C5F3BC99-7CF9-4F3E-9A2B-58B681E09727} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\advancedsystemprotector.exe No File
Task: {CF98CF31-9EF6-49FA-BCF2-719BFC14AB96} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File
Task: {D4E2E691-322A-4DEC-8E56-7711DEA0E96B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E8BB41FA-E8C0-49B0-A849-4FDCA186E9F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {F0F0FA8D-7A9D-4CC4-9078-898034F9C68A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1964794115-2297393020-378249629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sebastian\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{02653207-0637-447F-B9C7-8F48139372F2}.job => C:\Windows\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

Name: Extended PnP BIOS Enumerator
Description: Extended PnP BIOS Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: uscbs108
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 00:53:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\SYSTWEAK\ADVANCED SYSTEM PROTECTOR\LOGS\LOG_07-02-13_07-07-58.XML> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\SYSTWEAK\ADVANCED SYSTEM PROTECTOR\LOGS\LOG_02-07-12_02-31-43.XML> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\SYSTWEAK\ADVANCED SYSTEM PROTECTOR\2.1.1000.9445\ASPLOG.TXT> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREERIP\UNINSTALL.LNK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREERIP\READ ME.LNK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREERIP\LICENSE.LNK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREERIP\FREERIP.LNK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:53:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FREERIP\FREERIP ON THE WEB.URL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:45:09 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\SYSTWEAK\ADVANCED SYSTEM PROTECTOR\UPDATE.INI> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (08/22/2013 00:45:09 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SEBASTIAN\APPDATA\ROAMING\SYSTWEAK\ADVANCED SYSTEM PROTECTOR\SETTINGS.DB> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/31/2009 10:56:16 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:54:05 on 31.07.2009 was unexpected.
Error: (07/31/2009 09:03:14 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/30/2009 10:39:38 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/30/2009 04:32:07 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/30/2009 02:14:06 PM) (Source: DCOM) (User: )
Description: {6A972E27-93E2-4F98-8367-4101B2073814}

Error: (07/30/2009 01:54:17 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/30/2009 01:19:22 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/29/2009 07:21:48 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/29/2009 02:31:51 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/29/2009 00:58:46 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-10 22:04:57.882
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-10 22:04:56.513
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-24 18:32:06.030
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-24 18:32:04.687
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-24 18:32:03.329
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-24 18:32:01.950
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-21 20:20:23.483
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-21 20:20:22.215
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-21 20:20:20.749
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files\Unlocker\UnlockerHook.dll" because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-21 20:20:19.071
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll" because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 2813.1 MB
Available physical RAM: 1150.41 MB
Total Pagefile: 5844.73 MB
Available Pagefile: 3700.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.93 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:148.89 GB) (Free:4.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:147.73 GB) (Free:0.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: E43EEFE7)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================
-----------------------------------------------------------------------------------------
3. GMER log file
-----------------------------------------------------------------------------------------
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-23 12:34:59
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010M 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\fwtyauoc.sys

---- System - GMER 2.1 ----

SSDT 8A9E1EFE ZwCreateSection
SSDT 8A9E1F08 ZwRequestWaitReplyPort
SSDT 8A9E1F03 ZwSetContextThread
SSDT 8A9E1F0D ZwSetSecurityObject
SSDT 8A9E1F12 ZwSystemDebugControl
SSDT 8A9E1E9F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826F3860 4 Bytes [FE, 1E, 9E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 826F3B84 4 Bytes [08, 1F, 9E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 826F3BB8 4 Bytes [03, 1F, 9E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 826F3C1C 4 Bytes [0D, 1F, 9E, 8A]
.text ntkrnlpa.exe!KeSetEvent + 619 826F3C64 4 Bytes [12, 1F, 9E, 8A]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89F56000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89F9F000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E209000, 0x1FB52A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3284] ntdll.dll!DbgBreakPoint 77C6878E 1 Byte [90]
.text C:\Windows\Explorer.EXE[3384] SHELL32.dll!SHFileOperationW 76D368E8 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, B0, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, B3, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4824]
ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, B0, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcess + 6 77C84ACA 4 Bytes [A8, B1, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C86890 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, B2, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, B1, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, B2, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C86911 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, B0, 1D, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C86A4F C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, B1, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, B2, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, B3, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4824] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 68, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 6B, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 68, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcess + 6 
77C84ACA 4 Bytes [A8, 69, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C8E548 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 6A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 69, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 6A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C8E5C9 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 68, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C8E707 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtQueryFullAttributesFile + B 
77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 69, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 6A, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 6B, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4888] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!CreateWindowExW 77DF1305 5 Bytes JMP 68EDDB6C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxParamW 77E110B0 5 Bytes JMP 68E05505 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxIndirectParamW 77E12EF5 5 Bytes JMP 68FD727F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxParamA 77E28152 5 Bytes JMP 68FD721C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!DialogBoxIndirectParamA 77E2847D 5 Bytes JMP 68FD72E2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxIndirectA 77E3D4D9 5 Bytes JMP 68FD71B1 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxIndirectW 77E3D5D3 5 Bytes JMP 68FD7146 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxExA 77E3D639 5 Bytes JMP 68FD70E4 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5060] USER32.dll!MessageBoxExW 77E3D65D 5 Bytes JMP 68FD7082 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 30, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 33, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 30, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcess + 6 77C84ACA 4 Bytes [A8, 31, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C85910 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 32, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 31, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] 
ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 32, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C85991 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 30, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C85ACF C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 31, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 32, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 33, 0E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5108] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 80, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] 
ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 83, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 80, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcess + 6 77C84ACA 4 Bytes [A8, 81, B0, 00] {TEST AL, 0x81; MOV AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C8FB60 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 82, B0, 00] {TEST AL, 0x82; MOV AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 81, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 82, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C8FBE1 
C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 80, B0, 00] {TEST AL, 0x80; MOV AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C8FD1F C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 81, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 82, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 83, B0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5572] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 64, 3D, 00] {SUB [EBP+EDI+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 67, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] 
ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 64, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcess + 6 77C84ACA 4 Bytes [A8, 65, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C88844 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 66, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 65, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 66, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C888C5 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 64, 3D, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C88A03 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 65, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 66, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 67, 3D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5600] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CreateDialogParamW 77DE72A2 5 Bytes JMP 68EDDEF8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!GetAsyncKeyState 77DE863C 5 Bytes JMP 68DF8F27 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!SetWindowsHookExW 77DE87AD 5 Bytes JMP 68ED9AF9 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CallNextHookEx 77DE8E3B 5 Bytes JMP 68ECD135 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!UnhookWindowsHookEx 77DE98DB 5 Bytes JMP 68E44674 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] 
USER32.dll!EnableWindow 77DECD8B 5 Bytes JMP 68EDDD85 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CreateWindowExW 77DF1305 5 Bytes JMP 68EDDB6C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!GetKeyState 77DF8CB1 5 Bytes JMP 68EDD333 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!IsDialogMessageW 77E00745 5 Bytes JMP 68E05A17 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CreateDialogParamA 77E017AA 5 Bytes JMP 68FD7F04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!IsDialogMessage 77E01847 5 Bytes JMP 68FD77A0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CreateDialogIndirectParamA 77E026F1 5 Bytes JMP 68FD7F3B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!CreateDialogIndirectParamW 77E09A62 5 Bytes JMP 68FD7F72 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!SetKeyboardState 77E10987 5 Bytes JMP 68FD7B0F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!DialogBoxParamW 77E110B0 5 Bytes JMP 68E05505 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!DialogBoxIndirectParamW 77E12EF5 5 Bytes JMP 68FD727F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!SendInput 77E12F75 5 Bytes JMP 68FD86CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!EndDialog 77E1326E 5 Bytes JMP 68E07EC2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!SetCursorPos 77E26FB2 5 Bytes JMP 
68FD871F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!DialogBoxParamA 77E28152 5 Bytes JMP 68FD721C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!DialogBoxIndirectParamA 77E2847D 5 Bytes JMP 68FD72E2 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!MessageBoxIndirectA 77E3D4D9 5 Bytes JMP 68FD71B1 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!MessageBoxIndirectW 77E3D5D3 5 Bytes JMP 68FD7146 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!MessageBoxExA 77E3D639 5 Bytes JMP 68FD70E4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!MessageBoxExW 77E3D65D 5 Bytes JMP 68FD7082 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] USER32.dll!keybd_event 77E3D972 5 Bytes JMP 68FD8A4F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!SHRestricted + D95 76D789A8 4 Bytes [0D, 31, A8, 63] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!SHRestricted + D9D 76D789B0 8 Bytes [17, 30, A8, 63, 15, 5D, A7, ...] 
.text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!ILFree + 3DA 76D78E1C 4 Bytes [0D, 31, A8, 63] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!ILFree + 3E2 76D78E24 4 Bytes [17, 30, A8, 63] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!SHBindToObject + 8C 76D7E1A8 4 Bytes [0D, 31, A8, 63] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] SHELL32.dll!SHBindToObject + 94 76D7E1B0 4 Bytes [17, 30, A8, 63] .text C:\Program Files\Internet Explorer\iexplore.exe[7052] ole32.dll!OleLoadFromStream 765E1E80 5 Bytes JMP 68FD7600 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 68EDDBC8 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] WININET.dll!HttpOpenRequestA 763AD518 5 Bytes JMP 5B6D3EFE C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll .text C:\Program Files\Internet Explorer\iexplore.exe[7052] WININET.dll!HttpOpenRequestW 763AFC0B 5 Bytes JMP 5B6D4062 C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 24, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 27, 62, 00] {SUB [EDI], AH; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 24, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcess + 6 
77C84ACA 4 Bytes [A8, 25, 62, 00] {TEST AL, 0x25; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C8AD04 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 26, 62, 00] {TEST AL, 0x26; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 25, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 26, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C8AD85 C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 24, 62, 00] {TEST AL, 0x24; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C8AEC3 C:\Windows\system32\MSCTF.dll .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 25, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 26, 62, 00] {SUB [ESI], AH; BOUND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 27, 62, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7468] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtCreateFile + 6 77C8426A 4 Bytes [28, 1C, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtCreateFile + B 77C8426F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtMapViewOfSection + 6 77C849BA 4 Bytes [28, 1F, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtMapViewOfSection + B 77C849BF 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenFile + 6 77C84A4A 4 Bytes [68, 1C, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenFile + B 77C84A4F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcess + 6 77C84ACA 4 Bytes [A8, 1D, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcess + B 77C84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome 
Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcessToken + 6 77C84ADA 4 Bytes CALL 76C869FC C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcessToken + B 77C84ADF 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcessTokenEx + 6 77C84AEA 4 Bytes [A8, 1E, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenProcessTokenEx + B 77C84AEF 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThread + 6 77C84B3A 4 Bytes [68, 1D, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThread + B 77C84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThreadToken + 6 77C84B4A 4 Bytes [68, 1E, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThreadToken + B 77C84B4F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThreadTokenEx + 6 77C84B5A 4 Bytes CALL 76C86A7D C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtOpenThreadTokenEx + B 77C84B5F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtQueryAttributesFile + 6 77C84BEA 4 Bytes [A8, 1C, 1F, 00] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtQueryAttributesFile + B 77C84BEF 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtQueryFullAttributesFile + 6 77C84C9A 4 Bytes CALL 76C86BBB C:\Windows\system32\MSCTF.dll .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtQueryFullAttributesFile + B 77C84C9F 1 Byte [E2] .text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] 
ntdll.dll!NtSetInformationFile + 6 77C8517A 4 Bytes [28, 1D, 1F, 00]
.text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtSetInformationFile + B 77C8517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtSetInformationThread + 6 77C851CA 4 Bytes [28, 1E, 1F, 00]
.text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtSetInformationThread + B 77C851CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtUnmapViewOfSection + 6 77C8546A 4 Bytes [68, 1F, 1F, 00]
.text C:\Program Files\Google\Chrome Frame\Application\chrome.exe[7492] ntdll.dll!NtUnmapViewOfSection + B 77C8546F 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp pssdklbf.sys
AttachedDevice \Driver\tdx \Device\Udp pssdklbf.sys

---- EOF - GMER 2.1 ----

Many thanks in advance!
Hungry Ghost
23.08.2013, 17:54 | #2 |
/// the machine /// TB-Ausbilder |
hi,

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link 1
IMPORTANT - save Combofix to your desktop

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: should you receive the following error message after the reboot
Quote:
24.08.2013, 06:51 | #3 |
Hi schrauber,

thanks for your reply! I had Combofix create the log file; it took over 8 hours, pretty heavy. Here is the log file:
Code:
ATTFilter ComboFix 13-08-22.01 - Sebastian 23/08/2013 20:33:46.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2813.1315 [GMT 2:00] ausgeführt von:: c:\users\Sebastian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\9rEcGKR.pad c:\users\Sebastian\AppData\Local\ext_piccshare_uninst.exe c:\users\Sebastian\AppData\Local\lame_enc.dll c:\users\Sebastian\AppData\Local\no23xwrapper.dll c:\users\Sebastian\AppData\Local\ogg.dll c:\users\Sebastian\AppData\Local\vorbis.dll c:\users\Sebastian\AppData\Local\vorbisenc.dll c:\users\Sebastian\AppData\Local\vorbisfile.dll c:\users\Sebastian\AppData\Roaming\271A.891 c:\users\Sebastian\AppData\Roaming\convert\convert.exe c:\users\Sebastian\AppData\Roaming\Kbreal c:\users\Sebastian\AppData\Roaming\Kbreal\crtxml.exe c:\windows\IsUn0407.exe c:\windows\system32\~GLH0007.TMP c:\windows\system32\~GLH0009.TMP c:\windows\system32\pt c:\windows\system32\pt\smartfacevcp.dll.mui c:\windows\system32\pt\toscdspd.cpl.mui c:\windows\system32\roboot.exe c:\windows\system32\SETB13A.tmp c:\windows\wininit.ini E:\Documents.lnk E:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-23 bis 2013-08-23 )))))))))))))))))))))))))))))) . . 2013-08-23 18:50 . 2013-08-23 18:50 -------- d-----w- c:\users\fbwuser\AppData\Local\temp 2013-08-23 18:50 . 2013-08-23 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-23 16:15 . 2013-08-23 16:15 -------- d-----w- c:\program files\7-Zip 2013-08-23 09:25 . 2013-08-23 09:25 -------- d-----w- C:\FRST 2013-08-22 20:31 . 2013-08-22 20:34 -------- d-----w- C:\sh4ldr 2013-08-22 09:58 . 2013-08-22 09:58 -------- d-----w- c:\users\Sebastian\Ein Herz und eine Seele 2013-08-21 23:19 . 
2013-08-21 23:22 -------- d-----w- C:\AdwCleaner 2013-08-20 19:57 . 2013-08-20 19:57 -------- d-----w- c:\programdata\NortonInstaller 2013-08-19 13:55 . 2013-07-24 02:10 41160 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2013-08-14 11:31 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 11:31 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 11:31 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 11:31 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 11:31 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 11:31 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 11:29 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 11:29 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 11:29 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-31 22:00 . 2013-08-15 09:10 -------- d-----w- c:\windows\system32\MRT 2013-07-28 16:11 . 2013-07-28 16:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-28 09:11 . 2013-07-28 09:11 -------- d-----w- c:\programdata\hssff 2013-07-25 09:34 . 2013-07-25 09:34 -------- d-----w- c:\program files\Enigma Software Group 2013-07-25 09:32 . 2013-08-22 21:09 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-21 20:08 . 2013-03-05 11:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-08-21 20:08 . 2011-12-09 18:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-28 16:10 . 2013-02-07 14:18 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-28 16:10 . 2011-04-13 14:00 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-04 01:50 . 
2013-07-11 14:15 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 04:06 . 2013-07-11 14:14 505344 ----a-w- c:\windows\system32\qedit.dll 2012-05-11 13:16 . 2012-05-11 13:16 171520 ----a-w- c:\program files\Common Files\dsfOggDemux2.dll 2011-04-18 21:51 . 2011-04-18 21:51 653136 ----a-w- c:\program files\Common Files\MSVCR90.dll 2011-04-18 21:51 . 2011-04-18 21:51 569680 ----a-w- c:\program files\Common Files\MSVCP90.dll 2011-01-12 01:00 . 2011-01-12 01:00 30208 ----a-w- c:\program files\Common Files\wmpinfo.dll 2011-01-12 01:00 . 2011-01-12 01:00 240128 ----a-w- c:\program files\Common Files\dsfVorbisDecoder.dll 2011-01-12 01:00 . 2011-01-12 01:00 146944 ----a-w- c:\program files\Common Files\dsfFLACDecoder.dll 2011-01-12 01:00 . 2011-01-12 01:00 221184 ----a-w- c:\program files\Common Files\dsfFLACEncoder.dll 2011-01-12 01:00 . 2011-01-12 01:00 204800 ----a-w- c:\program files\Common Files\dsfNativeFLACSource.dll 2010-12-16 20:39 . 2010-12-16 20:39 302592 ----a-w- c:\program files\Common Files\webmmux.dll 2010-12-16 20:39 . 2010-12-16 20:39 701440 ----a-w- c:\program files\Common Files\vp8encoder.dll 2010-12-16 20:39 . 2010-12-16 20:39 412672 ----a-w- c:\program files\Common Files\vp8decoder.dll 2010-12-16 20:39 . 2010-12-16 20:39 292352 ----a-w- c:\program files\Common Files\webmsplit.dll 2011-03-18 17:56 . 2011-04-11 18:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-06-11 14:22 1307728 ----a-w- c:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}] 2013-02-11 18:40 138752 ----a-w- c:\programdata\DNSErrorHelper\bho.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-07-11 20:28 277512 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-24 39408] "Akamai NetSession Interface"="c:\users\Sebastian\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "SCheck"="c:\users\Sebastian\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864] "SSync"="c:\users\Sebastian\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864] "Intermediate"="c:\users\Sebastian\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "NDSTray.exe"="NDSTray.exe" [BU] "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800] "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2012-02-24 4550656] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-09 345144] "TkBellExe"="c:\program 
files\Real\RealPlayer\update\realsched.exe" [2013-06-20 295512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe /startup [2009-3-3 145736] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] path=c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-14 13:44 136176 ----atw- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-22 21:32 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 20:08] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-24 17:16] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-24 17:16] . 2013-08-23 c:\windows\Tasks\User_Feed_Synchronization-{02653207-0637-447F-B9C7-8F48139372F2}.job - c:\windows\system32\msfeedssync.exe [2013-08-14 23:49] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uDefault_Search_URL = hxxp://www.google.com mStart Page = about:blank mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=ds&q={searchTerms}&installDate=05/04/2013 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Das YouTube Video als MP3 &speichern - c:\users\Sebastian\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - IE: {{2d8ee268-8d7a-4996-b80b-8999ce8c7fe2} - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} - IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{432464BA-CDAD-4B34-900E-178E765E3DBA}: NameServer = 8.8.8.8 FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q= FF - prefs.js: browser.search.selectedEngine - Search the web FF - prefs.js: browser.startup.homepage - 
hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=hp&installDate=05/04/2013 FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 52505 FF - prefs.js: network.proxy.type - 1 FF - ExtSQL: 2013-07-01 18:06; afurladvisor@anchorfree.com; c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com FF - ExtSQL: 2013-07-20 17:48; 7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com; c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF - ExtSQL: 2013-07-24 11:25; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff FF - ExtSQL: !HIDDEN! 2009-06-25 10:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.id - 040bfd6d000000000000002163bb1b38 FF - user.js: extensions.BabylonToolbar_i.hardId - 040bfd6d000000000000002163bb1b38 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15520 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - 
babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111789&tt=280612_7_ FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extentions.y2layers.installId - 7a00aa57-e145-4f64-97fe-1b2bcdaefde1 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) BHO-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file) BHO-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - (no file) Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) Toolbar-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) HKCU-Run-Txtpack - c:\users\Sebastian\AppData\Roaming\Kbreal\crtxml.exe HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe HKLM-Run-Advanced System Protector - (no file) SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe AddRemove-{BC26DD60-4783-76F3-F1D7-4A5261BE51FE} - c:\progra~2\INSTAL~3\{136BA~1\Setup.exe AddRemove-2165807856.www.pcspeedup.com - c:\program files\Microsoft 
Silverlight\4.1.10111.0\Silverlight.Configuration.exe AddRemove-PiccShare - c:\users\Sebastian\AppData\Local\ext_piccshare_uninst.exe AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-08-23 20:50 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????O??l?????W???W???W?( W?P . Scanne versteckte Dateien... . . c:\users\SEBAST~1\AppData\Local\Temp\~DF1F.tmp 16384 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF24E.tmp 16384 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF26B.tmp 16384 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF276.tmp 512 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF36A3.tmp 32768 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF3A0B.tmp 16384 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF9B82.tmp 16384 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DF9B8F.tmp 512 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DFC1.tmp 524288 bytes c:\users\SEBAST~1\AppData\Local\Temp\~DFFDC6.tmp 835584 bytes . Scan erfolgreich abgeschlossen versteckte Dateien: 10 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-08-24 04:53:42
ComboFix-quarantined-files.txt 2013-08-24 02:53
.
Vor Suchlauf: 7.383.396.352 Bytes frei
Nach Suchlauf: 6.703.960.064 Bytes frei
.
- - End Of File - - A3FE2A0A881799AF1BBF2D8C6C30ED8C
5C616939100B85E558DA92B899A0FC36

Regards,
Hungry Ghost
24.08.2013, 11:44 | #4 |
/// the machine /// TB-Ausbilder |
Please download Malwarebytes Anti-Malware

Please download AdwCleaner to your desktop.

Please close your protection software to avoid possible conflicts.

And a fresh FRST log, please.

regards, schrauber
Proud Member of UNITE and ASAP since 2009
No support via PM!
24.08.2013, 20:48 | #5 |
Hello schrauber,

thanks for your further instructions. I have run the scans; here are the new log files:

---------------------------------------------------------------------------------------
1. MALWAREBYTES ANTI-MALWARE log file:
---------------------------------------------------------------------------------------
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19453
Sebastian :: SEBASTIAN-PC [Administrator]

Schutz: Deaktiviert

24/08/2013 19:45:08
mbam-log-2013-08-24 (19-45-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 262290
Laufzeit: 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0T1M2Q2W -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=ds&q={searchTerms}&installDate=05/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=ds&q={searchTerms}&installDate=05/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sebastian\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.2.4214.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

---------------------------------------------------------------------------------------
2. ADW CLEANER log file:
---------------------------------------------------------------------------------------
Code:
# AdwCleaner v3.001 - Report created 24/08/2013 at 20:44:04
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Sebastian - SEBASTIAN-PC
# Running from : C:\Users\Sebastian\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Sebastian\AppData\Local\ext_piccshare
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Intermediate
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\SCheck
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\SSync
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{AA994882-F391-4D2E-806F-8908DA4814ED}
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\engine@plasmoo.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\plugin@yontoo.com
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\software@loadtubes.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\support@predictad.com
Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
File Deleted : C:\END
File Deleted : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\searchplugins\plasmoo.xml
File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF98CF31-9EF6-49FA-BCF2-719BFC14AB96}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF98CF31-9EF6-49FA-BCF2-719BFC14AB96}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{337E4D11-A745-4B1E-AA58-0F1EF57884CB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{337E4D11-A745-4B1E-AA58-0F1EF57884CB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E6E73E7-C370-4607-9AB5-CD141A139175}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{507BA2C7-4851-4D96-8BD5-650668F922AC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B424109-6F99-4306-8F2B-0B2BB1C8C415}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0EB0A9-265F-4D9D-AF96-0EF2403A73E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DF046E1-80F7-43E0-80C0-0AD696799C8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0FD0502-5878-441D-A3C0-9A4531C526CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E46008-1902-41A7-91C7-26EC6E0B66D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks []
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Ciuvo
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\httogroup
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\piccshare
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Winload
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Plus-HD-2.3
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\Winload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DesktopIconAmazon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\loadtbs-3.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\piccshare
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Protected Search_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Product Deleted : Ask Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19453

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v4.0 (de)

[ File : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\prefs.js ]

Line Deleted : user_pref("CT2269050..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2269050.CTID", "CT2269050");
Line Deleted : user_pref("CT2269050.CurrentServerDate", "25-1-2011");
Line Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Tue Jan 25 2011 10:45:37 GMT+0100");
Line Deleted : user_pref("CT2269050.FirstServerDate", "17-12-2010");
Line Deleted : user_pref("CT2269050.FirstTime", true);
Line Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Line Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2269050.Initialize", true);
Line Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2269050.InstalledDate", "Fri Dec 17 2010 13:39:46 GMT+0100");
Line Deleted : user_pref("CT2269050.InvalidateCache", false);
Line Deleted : user_pref("CT2269050.IsGrouping", false);
Line Deleted : user_pref("CT2269050.IsMulticommunity", false);
Line Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Jan 24 2011 21:42:35 GMT+0100");
Line Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Jan 19 2011 21:36:32 GMT+0100");
Line Deleted : user_pref("CT2269050.LastLogin_3.2.2.0", "Tue Jan 25 2011 10:45:40 GMT+0100");
Line Deleted : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2269050.Locale", "en");
Line Deleted : user_pref("CT2269050.LoginCache", 4);
Line Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Line Deleted : user_pref("CT2269050.RadioLastCheckTime", "Mon Jan 24 2011 21:42:36 GMT+0100");
Line Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Line Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Line Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Line Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Line Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Line Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://search.orbitdownloader.com");
Line Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Line Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Jan 24 2011 21:42:38 GMT+0100");
Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Nov 14 2012 18:29:14 GMT+0100");
Line Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jan 25 2011 10:45:35 GMT+0100");
Line Deleted : user_pref("CT2269050.SettingsLastUpdate", "1295944639");
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Jan 18 2011 20:26:51 GMT+0100");
Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2269050.UserID", "UN90526340153496352");
Line Deleted : user_pref("CT2269050.WeatherNetwork", "");
Line Deleted : user_pref("CT2269050.WeatherPollDate", "Tue Jan 25 2011 10:45:44 GMT+0100");
Line Deleted : user_pref("CT2269050.WeatherUnit", "C");
Line Deleted : user_pref("CT2269050.alertChannelId", "666138");
Line Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2269050.myStuffEnabled", true);
Line Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2269050.testingCtid", "");
Line Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Jan 24 2011 21:42:35 GMT+0100");
Line Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Jan 24 2011 21:42:35 GMT+0100");
Line Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2319825.CTID", "CT2319825");
Line Deleted : user_pref("CT2319825.CurrentServerDate", "11-4-2011");
Line Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Wed Nov 14 2012 18:29:07 GMT+0100");
Line Deleted : user_pref("CT2319825.FeedPollDate11908299", "Wed Nov 14 2012 18:29:12 GMT+0100");
Line Deleted : user_pref("CT2319825.FirstServerDate", "23-3-2011");
Line Deleted : user_pref("CT2319825.FirstTime", true);
Line Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Line Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2319825.Initialize", true);
Line Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2319825.InstalledDate", "Wed Mar 23 2011 10:41:26 GMT+0100");
Line Deleted : user_pref("CT2319825.InvalidateCache", false);
Line Deleted : user_pref("CT2319825.IsGrouping", false);
Line Deleted : user_pref("CT2319825.IsMulticommunity", false);
Line Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2319825.LastLogin_3.2.2.0", "Mon Apr 11 2011 18:09:46 GMT+0200");
Line Deleted : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2319825.Locale", "de");
Line Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2319825.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Line Deleted : user_pref("CT2319825.RadioLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Line Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Line Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Line Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Line Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
Line Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Line Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Apr 10 2011 20:15:34 GMT+0200");
Line Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Wed Nov 14 2012 18:29:06 GMT+0100");
Line Deleted : user_pref("CT2319825.SettingsLastUpdate", "1300873232");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon Nov 05 2012 11:35:02 GMT+0100");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Line Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.UserID", "UN64505035231747553");
Line Deleted : user_pref("CT2319825.ValidationData_Search", 0);
Line Deleted : user_pref("CT2319825.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2319825.WeatherNetwork", "");
Line Deleted : user_pref("CT2319825.WeatherPollDate", "Wed Nov 14 2012 18:29:12 GMT+0100");
Line Deleted : user_pref("CT2319825.WeatherUnit", "C");
Line Deleted : user_pref("CT2319825.alertChannelId", "715912");
Line Deleted : user_pref("CT2319825.backendstorage.id", "35333636373231");
Line Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted : user_pref("CT2319825.myStuffEnabled", true);
Line Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2319825.testingCtid", "");
Line Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Wed Nov 14 2012 18:29:11 GMT+0100");
Line Deleted
: user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Wed Mar 23 2011 10:41:38 GMT+0100"); Line Deleted : user_pref("CT2319825.usagesFlag", 2); Line Deleted : user_pref("CT2325506..clientLogIsEnabled", true); Line Deleted : user_pref("CT2325506..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Line Deleted : user_pref("CT2325506..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Line Deleted : user_pref("CT2325506.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Line Deleted : user_pref("CT2325506.CTID", "CT2325506"); Line Deleted : user_pref("CT2325506.CommunitiesChangesLastCheckTime", "0"); Line Deleted : user_pref("CT2325506.CurrentServerDate", "25-1-2011"); Line Deleted : user_pref("CT2325506.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT2325506.DownloadReferralCookieData", ""); Line Deleted : user_pref("CT2325506.EMailNotifierPollDate", "Tue Jan 25 2011 10:45:52 GMT+0100"); Line Deleted : user_pref("CT2325506.FeedLastCount128733872087331273", 10); Line Deleted : user_pref("CT2325506.FeedPollDate128733872087331273", "Tue Jan 25 2011 10:45:54 GMT+0100"); Line Deleted : user_pref("CT2325506.FirstServerDate", "24-1-2011"); Line Deleted : user_pref("CT2325506.FirstTime", true); Line Deleted : user_pref("CT2325506.FirstTimeFF3", true); Line Deleted : user_pref("CT2325506.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT2325506.GroupingInvalidateCache", false); Line Deleted : user_pref("CT2325506.GroupingLastCheckTime", "0"); Line Deleted : user_pref("CT2325506.GroupingLastServerUpdateTime", "0"); Line Deleted : user_pref("CT2325506.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT2325506.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Line Deleted : user_pref("CT2325506.HasUserGlobalKeys", true); Line Deleted : user_pref("CT2325506.Initialize", true); Line Deleted : 
user_pref("CT2325506.InitializeCommonPrefs", true); Line Deleted : user_pref("CT2325506.InstallationAndCookieDataSentCount", 3); Line Deleted : user_pref("CT2325506.InstallationId", "Integrated_CT2325506.exe"); Line Deleted : user_pref("CT2325506.InstallationType", "ConduitIntegration"); Line Deleted : user_pref("CT2325506.InstalledDate", "Mon Jan 24 2011 23:41:40 GMT+0100"); Line Deleted : user_pref("CT2325506.InvalidateCache", false); Line Deleted : user_pref("CT2325506.IsGrouping", false); Line Deleted : user_pref("CT2325506.IsMulticommunity", false); Line Deleted : user_pref("CT2325506.IsOpenThankYouPage", false); Line Deleted : user_pref("CT2325506.IsOpenUninstallPage", true); Line Deleted : user_pref("CT2325506.LanguagePackLastCheckTime", "Mon Jan 24 2011 21:42:56 GMT+0100"); Line Deleted : user_pref("CT2325506.LanguagePackReloadIntervalMM", 1440); Line Deleted : user_pref("CT2325506.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Line Deleted : user_pref("CT2325506.LastLogin_3.2.2.0", "Tue Jan 25 2011 19:59:18 GMT+0100"); Line Deleted : user_pref("CT2325506.LatestVersion", "3.2.5.2"); Line Deleted : user_pref("CT2325506.Locale", "de"); Line Deleted : user_pref("CT2325506.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT2325506.MCDetectTooltipShow", false); Line Deleted : user_pref("CT2325506.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Line Deleted : user_pref("CT2325506.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT2325506.RadioIsPodcast", false); Line Deleted : user_pref("CT2325506.RadioLastCheckTime", "Tue Jan 25 2011 10:47:38 GMT+0100"); Line Deleted : user_pref("CT2325506.RadioLastUpdateIPServer", "0"); Line Deleted : user_pref("CT2325506.RadioMediaID", "9962"); Line Deleted : user_pref("CT2325506.RadioMediaType", "Media Player"); Line Deleted : user_pref("CT2325506.RadioMenuSelectedID", "EBRadioMenu_CT23255069962"); Line Deleted : 
user_pref("CT2325506.RadioStationName", "California%20Rock"); Line Deleted : user_pref("CT2325506.RadioStationURL", "hxxp://feedlive.net/california.asx"); Line Deleted : user_pref("CT2325506.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT2325506.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&q="); Line Deleted : user_pref("CT2325506.SearchInNewTabEnabled", true); Line Deleted : user_pref("CT2325506.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT2325506.SearchInNewTabLastCheckTime", "Mon Jan 24 2011 21:42:53 GMT+0100"); Line Deleted : user_pref("CT2325506.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Line Deleted : user_pref("CT2325506.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); Line Deleted : user_pref("CT2325506.ServiceMapLastCheckTime", "Mon Jan 24 2011 21:42:39 GMT+0100"); Line Deleted : user_pref("CT2325506.SettingsLastCheckTime", "Tue Jan 25 2011 19:59:14 GMT+0100"); Line Deleted : user_pref("CT2325506.SettingsLastUpdate", "1295944703"); Line Deleted : user_pref("CT2325506.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT2325506.ThirdPartyComponentsLastCheck", "Mon Jan 24 2011 21:42:39 GMT+0100"); Line Deleted : user_pref("CT2325506.ThirdPartyComponentsLastUpdate", "1255348257"); Line Deleted : user_pref("CT2325506.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); Line Deleted : user_pref("CT2325506.UserID", "UN93830662005828382"); Line Deleted : user_pref("CT2325506.WeatherNetwork", ""); Line Deleted : user_pref("CT2325506.WeatherPollDate", "Tue Jan 25 2011 10:45:53 GMT+0100"); Line Deleted : user_pref("CT2325506.WeatherUnit", "C"); Line Deleted : user_pref("CT2325506.alertChannelId", "721521"); Line Deleted : user_pref("CT2325506.components.1000034", false); Line Deleted : 
user_pref("CT2325506.components.1000082", false); Line Deleted : user_pref("CT2325506.components.1000234", false); Line Deleted : user_pref("CT2325506.components.128733871675769250", false); Line Deleted : user_pref("CT2325506.components.128733871908582040", false); Line Deleted : user_pref("CT2325506.components.128733872087331273", false); Line Deleted : user_pref("CT2325506.components.128860923969337817", false); Line Deleted : user_pref("CT2325506.components.128918569854169144", false); Line Deleted : user_pref("CT2325506.components.128918573790107246", false); Line Deleted : user_pref("CT2325506.components.129225522780665764", false); Line Deleted : user_pref("CT2325506.components.3568429344344734706", false); Line Deleted : user_pref("CT2325506.myStuffEnabled", true); Line Deleted : user_pref("CT2325506.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT2325506.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Line Deleted : user_pref("CT2325506.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT2325506.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Line Deleted : user_pref("CT2325506.testingCtid", ""); Line Deleted : user_pref("CT2325506.toolbarAppMetaDataLastCheckTime", "Mon Jan 24 2011 21:42:51 GMT+0100"); Line Deleted : user_pref("CT2325506.toolbarContextMenuLastCheckTime", "Mon Jan 24 2011 21:42:56 GMT+0100"); Line Deleted : user_pref("CT2325506.usagesFlag", 2); Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2319825"); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/721521/717372/DE", "\"0\""); Line Deleted : 
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1280150108\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"1282729563\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2325506", "\"1278411263\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "L+tncv4eqt6Qm5T3dzChdA=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "uwY9T5AsudBxjradvWCAOA=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "poKjTfHs0NrVUIalKI8jyg=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "D/tN3YiKFksK+RjZytPhIA=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "SuMy8xgBA7+FodOxmk9aiQ=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000"); Line 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000"); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1295944639\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"1300873232\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2325506/CT2325506", "\"1295944703\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalizer_dead.gif", "\"09586ee4e19c81:0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize.gif", "\"09586ee4e19c81:0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif", "\"09586ee4e19c81:0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif", "\"09586ee4e19c81:0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif", "\"09586ee4e19c81:0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634351849102130000\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634310612473900000\""); Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2325506"); Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{26647ca4-a2a7-4eac-8a72-761aa9141de7}"); Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "www.freeware-download.com"); Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line Deleted : 
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2325506"); Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{26647ca4-a2a7-4eac-8a72-761aa9141de7}"); Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "www.freeware-download.com"); Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashine=true&q="); Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2325506,ConduitEngine,CT2319825"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2325506,CT2319825"); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Apr 10 2011 20:15:34 GMT+0200"); Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line Deleted : user_pref("CommunityToolbar.alert.locale", ""); Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 0); Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 14 2013 14:13:08 GMT+0200"); Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", ""); Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line Deleted : user_pref("CommunityToolbar.alert.userId", "e20a0179-74a7-4a91-95a6-bb4fd75bc785"); Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Nov 14 2012 18:29:07 GMT+0100"); Line Deleted : user_pref("CommunityToolbar.globalUserId", "78f9913b-8f9a-40ca-9d51-8e89705905b9"); Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line Deleted : 
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jul 20 2013 17:45:50 GMT+0200"); Line Deleted : user_pref("ConduitEngine.FirstServerDate", "01/24/2011 23"); Line Deleted : user_pref("ConduitEngine.FirstTime", true); Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Line Deleted : user_pref("ConduitEngine.Initialize", true); Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Jan 24 2011 23:42:08 GMT+0100"); Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Nov 14 2012 18:29:14 GMT+0100"); Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.2.0", "Tue Jan 25 2011 10:45:45 GMT+0100"); Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Aug 23 2012 03:01:58 GMT+0200"); Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Nov 14 2012 18:29:14 GMT+0100"); Line Deleted : user_pref("ConduitEngine.UserID", "UN92796171958376562"); Line Deleted : user_pref("ConduitEngine.engineLocale", "de"); Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Nov 14 2012 18:29:14 GMT+0100"); Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jul 20 2013 17:45:50 GMT+0200"); Line Deleted : user_pref("ConduitEngine.initDone", true); Line Deleted : 
user_pref("DownTangoFTToolbar_2937.global.ClearSearchHistoryOnClose", "false"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.CurrentLanguageSelection", "English"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.CurrentNavigationSelection", "Current window"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.CurrentSearchEngineSelection", "US: United States of America"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.DisplayRecentSearches", "true"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.ShowButtonText2", "true"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.setupExtension", "true"); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.userEnable", true); Line Deleted : user_pref("DownTangoFTToolbar_2937.global.userID", "aefe1f33f5f46eb31459f881c6d26463"); Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Line Deleted : user_pref("browser.search.defaultthis.engineName", "Plasmoo"); Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="); Line Deleted : user_pref("browser.search.order.1", "Web Search"); Line Deleted : user_pref("browser.search.selectedEngine", "Search the web"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=hp&installDate=05/04/2013"); Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111789&tt=280612_7_"); Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "040bfd6d000000000000002163bb1b38"); Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "040bfd6d000000000000002163bb1b38"); Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15520"); Line Deleted : 
user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Line Deleted : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com"); Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:17:04"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/*****************************************************************************[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n /************************************************************************************\[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] 
Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_13.name", "CrossriderAppUtils"); Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils"); Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...] 
Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo"); Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_91.code", "(function(h){var o=(function(){var Q=0;var Y=\"\";function P(ab){return [...] Line Deleted : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...] Line Deleted : user_pref("extensions.crossrider.bic", "13afff77718e57d3a2d887603af3aac5"); Line Deleted : user_pref("extensions.enabledAddons", "finder@meingutscheincode.de:2.0,{02450954-cdd9-410f-b1da-db804e18c671}:0.96.3,{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,quickstores@quickstores.de:1[...] Line Deleted : user_pref("extensions.enabledItems", "{b3a3c66c-34eb-415e-b9af-6d6823522c70}:1.0,{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872,avg@igeared:6.103.018.001,engine@conduit.com:3.2.2.0,{ACAA314B-EEBA-48[...] 
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...] Line Deleted : user_pref("extensions.snipit.askTbInstalled", true); Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); Line Deleted : user_pref("extentions.y2layers.installId", "7a00aa57-e145-4f64-97fe-1b2bcdaefde1"); Line Deleted : user_pref("icqtoolbar.engineVerified", false); Line Deleted : user_pref("icqtoolbar.installTime", "1317319993"); Line Deleted : user_pref("icqtoolbar.installsource", "1"); Line Deleted : user_pref("icqtoolbar.newtab_state", "1"); Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0); Line Deleted : user_pref("icqtoolbar.previousFFVersion", "4.0"); Line Deleted : user_pref("icqtoolbar.skip_default_search", "no"); Line Deleted : user_pref("icqtoolbar.uniqueID", "130545949113054597311317319993450"); Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1376482397); Line Deleted : user_pref("icqtoolbar.version", "1.1.9"); Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0); Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0); Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0); Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0); Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de"); Line Deleted : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="); Line Deleted : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="); Line Deleted : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "Search the web"); Line Deleted : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "Search"); Line Deleted : user_pref("plasmoo.search.engine.prevsearchdefaulturl", 
"hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="); Line Deleted : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Search the web"); Line Deleted : user_pref("plasmoo.search.engine.prevstartuphomepage", "hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=DE&userid=b3a3c66c-34eb-415e-b9af-6d6823522c70&searchtype=hp&installDat[...] Line Deleted : user_pref("plasmoo.search.engine.status", "INSTALLED"); Line Deleted : user_pref("quickstores.toolbar.affid", "2017"); Line Deleted : user_pref("quickstores.toolbar.guid", "{79EA0A13-99E7-848D-7AAE-C282D3469DA3}"); Line Deleted : user_pref("browser.search.defaultengine", "Web Search"); Line Deleted : user_pref("browser.search.defaultenginename", "Search the web"); -\\ Google Chrome v29.0.1547.57 [ File : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [82569 octets] - [22/08/2013 01:19:54] AdwCleaner[R1].txt - [66890 octets] - [24/08/2013 20:20:31] AdwCleaner[S0].txt - [4430 octets] - [22/08/2013 01:22:36] AdwCleaner[S1].txt - [62709 octets] - [24/08/2013 20:44:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [62770 octets] ########## --------------------------------------------------------------------------------------- 3. JUNKWARE REMOVAL TOOL-Logfile: --------------------------------------------------------------------------------------- Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sebastian on 24/08/2013 at 21:01:26,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Failed to stop: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Failed to stop: [Service] hsswd

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a6eb8fe4c9986914497e92c7f5a702e3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344344426}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2325506
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

~~~ Files

Failed to delete: [File] "C:\Users\Sebastian\appdata\local\google\chrome\user data\default\ext_piccshare"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Sebastian\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\i2cb9wbv.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\i2cb9wbv.default\minidumps [26 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/08/2013 at 21:07:25,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------------------------------
4. FRST logfile (new):
---------------------------------------------------------------------------------------
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-08-2013 01
Ran by Sebastian (administrator) on 24-08-2013 21:37:41
Running from C:\Users\Sebastian\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Windows\system32\PSIService.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(TuneClone.COM) C:\Program Files\TuneClone\TuneClone.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\p2phost.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x]
HKLM\...\Run: [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [QuickFinder Scheduler] - C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TuneClone] - C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [TrojanScanner] - C:\Program Files\Trojan Remover\Trjscan.exe [1247504 2012-09-14] (Simply Super Software)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-06-20] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [CollaborationHost] - C:\Windows\system32\p2phost.exe [192000 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1479680 2010-05-14] (Nokia)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-24] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\fbwuser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\fbwuser\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\Program Files\Metacafe\MetacafeAgent.exe (Metacafe)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU -No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\29.0.1547.57\npchrome_frame.dll (Google Inc.)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{432464BA-CDAD-4B34-900E-178E765E3DBA}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default
FF NewTab: about:blank
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 52505
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Magic 3GP Video Converter\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Magic 3GP Video Converter\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 - C:\Users\Sebastian\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\searchplugins\search_the_web.xml
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Mein Gutscheincode Finder - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\finder@meingutscheincode.de
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\informationaltab@piro.sakura.ne.jp
FF Extension: BrOwwsae2saevEe - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\jyu_k@vmqhpwftiy.co.uk
FF Extension: Smart Bookmarks Bar - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\smartbookmarksbar@remy.juteau
FF Extension: YouPlayer - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\youplayer@addons.mozilla.org
FF Extension: Screengrab - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF Extension: Site Launcher - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: DownTango Launcher - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{411beae9-8c58-477c-8903-201536f61512}
FF Extension: Stylish - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF Extension: Yahoo! Toolbar - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Interclue - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
FF Extension: dvscontextmenuy - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\dvscontextmenuy@dvdvideosoft.com
FF Extension: VideoGet FireFox extension - C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR Extension: (YouTube) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Google Reader) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Sebastian\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.14.1.0.crx
CHR HKLM\...\Chrome\Extension: [gladcbhcbkdeddbidiblppadjdjalidb] - C:\Program Files\DownTangoFTToolbar\chrome\DownTangoFTToolbar.crx

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-09] (Avira Operations GmbH & Co. KG)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-07-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2011-06-29] (microOLAP Technologies LTD)
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2011-06-29] (microOLAP Technologies LTD)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [28776 2012-02-24] (TuneClone Software)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 uscbs108; system32\DRIVERS\uscbs108.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-24 21:36 - 2013-08-24 21:36 - 01070693 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST.exe
2013-08-24 21:07 - 2013-08-24 21:07 - 00004622 _____ C:\Users\Sebastian\Desktop\JRT.txt
2013-08-24 21:00 - 2013-08-24 21:00 - 01021434 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2013-08-24 21:00 - 2013-08-24 21:00 - 00000000 ____D C:\Windows\ERUNT
2013-08-24 20:52 - 2013-08-24 20:52 - 00062851 _____ C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt
2013-08-24 18:11 - 2013-08-24 18:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-24 17:59 - 2013-08-24 18:01 - 00000000 ____D C:\Users\Sebastian\Desktop\LocalCDDB
2013-08-24 17:59 - 2013-08-24 17:59 - 00000000 ____D C:\Users\Sebastian\Desktop\Patti Smith. Banga (WAVE)
2013-08-24 08:09 - 2013-08-24 08:09 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger (1).exe
2013-08-24 04:54 - 2013-08-24 04:54 - 00024490 _____ C:\Users\Sebastian\Desktop\Combofix.txt
2013-08-24 04:53 - 2013-08-24 04:53 - 00024490 _____ C:\ComboFix.txt
2013-08-23 20:26 - 2013-08-24 04:53 - 00000000 ____D C:\ComboFix
2013-08-23 20:26 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-23 20:26 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-23 20:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-23 20:19 - 2013-08-24 20:07 - 00001294 _____ C:\Windows\PFRO.log
2013-08-23 20:13 - 2013-08-23 20:13 - 00000000 ____D C:\Users\Sebastian\Documents\ProcAlyzer Dumps
2013-08-23 20:04 - 2013-08-24 04:53 - 00000000 ____D C:\Qoobox
2013-08-23 20:03 - 2013-08-23 20:52 - 00000000 ____D C:\Windows\erdnt
2013-08-23 19:57 - 2013-08-23 19:57 - 05111180 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe
2013-08-23 18:57 - 2013-08-23 18:57 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger.exe
2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Users\Sebastian\Desktop\Logfiles für trojaner-board.de
2013-08-23 18:15 - 2013-08-23 18:15 - 01110476 _____ C:\Users\Sebastian\Desktop\7z920.exe
2013-08-23 18:15 - 2013-08-23 18:15 - 00000000 ____D C:\Program Files\7-Zip
2013-08-23 11:35 - 2013-08-23 11:35 - 00377856 _____ C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\FRST
2013-08-23 11:19 - 2013-08-23 11:20 - 00000480 _____ C:\Users\Sebastian\Desktop\defogger_disable.log
2013-08-23 11:18 - 2013-08-23 11:18 - 00050477 _____ C:\Users\Sebastian\Desktop\Defogger.exe
2013-08-22 22:31 - 2013-08-22 22:34 - 00000000 ____D C:\sh4ldr
2013-08-22 11:58 - 2013-08-22 11:58 - 00000000 ____D C:\Users\Sebastian\Ein Herz und eine Seele
2013-08-22 01:19 - 2013-08-24 20:45 - 00000000 ____D C:\AdwCleaner
2013-08-22 01:19 - 2013-08-24 20:18 - 00994642 _____ C:\Users\Sebastian\Desktop\AdwCleaner.exe
2013-08-21 21:49 - 2013-08-21 21:51 - 00000000 ____D C:\Users\Sebastian\Desktop\VEGAN
2013-08-21 15:03 - 2013-08-21 15:03 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-08-21 10:54 - 2013-08-22 00:08 - 00000000 ____D C:\Users\Sebastian\Desktop\Marc Bekoff. Das unnötige Leiden der Tiere (2001)
2013-08-19 22:20 - 2013-08-19 22:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Hey Veganer! (youtube.com)
2013-08-19 21:39 - 2013-08-19 22:05 - 34683132 _____ C:\Users\Sebastian\Desktop\Warum haben Tiere Rechte.flv
2013-08-19 15:55 - 2013-07-24 04:10 - 00041160 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-08-19 15:54 - 2013-08-19 15:56 - 00000878 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-08-15 00:14 - 2013-08-15 00:16 - 46940808 _____ C:\Users\Sebastian\Desktop\Warum essen wir nicht unsere Haustiere_ Melanie Joy im Interview.flv
2013-08-14 13:31 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:31 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 13:31 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:31 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 13:31 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 13:31 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:30 - 2013-07-24 02:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 13:30 - 2013-07-24 02:32 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 13:30 - 2013-07-24 01:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 13:30 - 2013-07-24 01:49 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 13:30 - 2013-07-24 01:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 13:30 - 2013-07-24 01:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 13:30 - 2013-07-24 01:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-14 13:30 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:30 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:30 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation)
C:\Windows\system32\crypt32.dll 2013-08-14 13:29 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 13:29 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 13:29 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-01 00:00 - 2013-08-15 11:10 - 00000000 ____D C:\Windows\system32\MRT 2013-07-28 18:12 - 2013-07-28 18:10 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-28 18:11 - 2013-07-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-28 18:11 - 2013-07-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-28 18:11 - 2013-07-28 18:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-28 11:11 - 2013-07-28 11:11 - 00000000 ____D C:\ProgramData\hssff 2013-07-27 17:39 - 2013-08-11 09:27 - 00000000 ____D C:\Users\Sebastian\Desktop\KEIN PLASTIK 2013-07-25 11:34 - 2013-07-25 11:34 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-25 11:32 - 2013-08-22 23:09 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP ==================== One Month Modified Files and Folders ======= 2013-08-24 21:37 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-08-24 21:36 - 2013-08-24 21:36 - 01070693 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST.exe 2013-08-24 21:30 - 2011-10-24 19:17 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-24 21:08 - 2013-03-05 13:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-24 21:07 - 2013-08-24 21:07 - 00004622 _____ C:\Users\Sebastian\Desktop\JRT.txt 2013-08-24 21:00 - 2013-08-24 21:00 - 01021434 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe 2013-08-24 21:00 - 2013-08-24 21:00 - 00000000 ____D C:\Windows\ERUNT 2013-08-24 20:53 - 2012-07-01 20:41 - 00000000 ____D 
C:\Users\Public\Documents\TuneClone 2013-08-24 20:52 - 2013-08-24 20:52 - 00062851 _____ C:\Users\Sebastian\Desktop\AdwCleaner[S1].txt 2013-08-24 20:51 - 2011-06-30 10:18 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-08-24 20:50 - 2011-10-24 19:17 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-24 20:49 - 2009-07-22 06:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-08-24 20:49 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-24 20:49 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-24 20:49 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-24 20:47 - 2012-03-24 08:56 - 02016713 _____ C:\Windows\WindowsUpdate.log 2013-08-24 20:47 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-24 20:45 - 2013-08-22 01:19 - 00000000 ____D C:\AdwCleaner 2013-08-24 20:44 - 2013-07-20 17:39 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Common 2013-08-24 20:27 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing 2013-08-24 20:18 - 2013-08-22 01:19 - 00994642 _____ C:\Users\Sebastian\Desktop\AdwCleaner.exe 2013-08-24 20:07 - 2013-08-23 20:19 - 00001294 _____ C:\Windows\PFRO.log 2013-08-24 20:07 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-24 18:16 - 2013-02-07 18:18 - 00000871 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-24 18:16 - 2011-01-25 18:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-24 18:11 - 2013-08-24 18:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-24 18:01 - 2013-08-24 17:59 - 00000000 ____D C:\Users\Sebastian\Desktop\LocalCDDB 2013-08-24 17:59 - 2013-08-24 17:59 - 00000000 ____D C:\Users\Sebastian\Desktop\Patti Smith. 
Banga (WAVE) 2013-08-24 08:09 - 2013-08-24 08:09 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger (1).exe 2013-08-24 07:38 - 2009-04-04 15:08 - 00006944 _____ C:\Users\SEBAST~1\AppData\Local\d3d9caps.dat 2013-08-24 07:37 - 2009-11-18 14:28 - 00000426 ____H C:\Windows\Tasks\User_Feed_Synchronization-{02653207-0637-447F-B9C7-8F48139372F2}.job 2013-08-24 04:54 - 2013-08-24 04:54 - 00024490 _____ C:\Users\Sebastian\Desktop\Combofix.txt 2013-08-24 04:54 - 2010-02-09 00:51 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Apps\2.0 2013-08-24 04:53 - 2013-08-24 04:53 - 00024490 _____ C:\ComboFix.txt 2013-08-24 04:53 - 2013-08-23 20:26 - 00000000 ____D C:\ComboFix 2013-08-24 04:53 - 2013-08-23 20:04 - 00000000 ____D C:\Qoobox 2013-08-23 20:52 - 2013-08-23 20:03 - 00000000 ____D C:\Windows\erdnt 2013-08-23 20:51 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-08-23 20:49 - 2012-06-29 19:53 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\convert 2013-08-23 20:19 - 2013-03-12 17:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2013-08-23 20:13 - 2013-08-23 20:13 - 00000000 ____D C:\Users\Sebastian\Documents\ProcAlyzer Dumps 2013-08-23 20:13 - 2013-03-12 17:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-23 19:57 - 2013-08-23 19:57 - 05111180 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe 2013-08-23 18:57 - 2013-08-23 18:57 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger.exe 2013-08-23 18:56 - 2013-08-23 18:56 - 00000000 ____D C:\Users\Sebastian\Desktop\Logfiles für trojaner-board.de 2013-08-23 18:15 - 2013-08-23 18:15 - 01110476 _____ C:\Users\Sebastian\Desktop\7z920.exe 2013-08-23 18:15 - 2013-08-23 18:15 - 00000000 ____D C:\Program Files\7-Zip 2013-08-23 17:16 - 2009-01-19 10:25 - 00000000 ____D C:\Users\Sebastian 2013-08-23 12:15 - 2009-01-20 00:03 - 00241152 _____ C:\Users\SEBAST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-23 11:35 - 2013-08-23 11:35 - 00377856 _____ 
C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe 2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\FRST 2013-08-23 11:20 - 2013-08-23 11:19 - 00000480 _____ C:\Users\Sebastian\Desktop\defogger_disable.log 2013-08-23 11:18 - 2013-08-23 11:18 - 00050477 _____ C:\Users\Sebastian\Desktop\Defogger.exe 2013-08-22 23:54 - 2011-01-24 20:00 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-08-22 23:31 - 2009-09-01 17:10 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-08-22 23:16 - 2009-01-19 10:26 - 00135992 _____ C:\Users\SEBAST~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-22 23:11 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc 2013-08-22 23:10 - 2006-11-02 12:22 - 60817408 _____ C:\Windows\system32\config\software_previous 2013-08-22 23:10 - 2006-11-02 12:22 - 45875200 _____ C:\Windows\system32\config\components_previous 2013-08-22 23:10 - 2006-11-02 12:22 - 25427968 _____ C:\Windows\system32\config\system_previous 2013-08-22 23:10 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default_previous 2013-08-22 23:10 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous 2013-08-22 23:10 - 2006-11-02 12:22 - 00024576 _____ C:\Windows\system32\config\security_previous 2013-08-22 23:09 - 2013-07-25 11:32 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP 2013-08-22 23:09 - 2012-07-28 12:05 - 00000000 ____D C:\Program Files\MurGee Auto Mouse Click 2013-08-22 23:09 - 2011-11-14 22:09 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Akamai 2013-08-22 23:09 - 2011-01-24 20:00 - 00000000 ____D C:\Program Files\Unlocker 2013-08-22 23:09 - 2010-12-17 13:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2013-08-22 23:09 - 2010-08-26 19:19 - 00000000 ____D C:\Users\Sebastian\Philosophie 2013-08-22 23:09 - 2010-08-26 19:17 - 00000000 ____D C:\Users\Sebastian\Körper und Psyche 2013-08-22 23:09 - 2010-04-03 14:46 - 
00000000 ____D C:\Users\Sebastian\Hörbücher + Vorträge 2013-08-22 23:09 - 2009-04-18 19:11 - 00000000 ____D C:\Program Files\NCH Swift Sound 2013-08-22 23:09 - 2009-04-18 19:11 - 00000000 ____D C:\Program Files\NCH Software 2013-08-22 23:09 - 2009-03-30 13:04 - 00000000 ____D C:\Users\Sebastian\Lyrik 2013-08-22 23:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool 2013-08-22 23:08 - 2013-04-05 18:57 - 00000000 ____D C:\Program Files\Exact Audio Copy 2013-08-22 23:08 - 2009-07-12 20:24 - 00000000 ____D C:\Program Files\DVD Ripper Wizard 2013-08-22 23:08 - 2009-01-26 12:54 - 00000000 ____D C:\Program Files\DivX 2013-08-22 23:08 - 2008-10-07 17:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-08-22 23:08 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration 2013-08-22 22:34 - 2013-08-22 22:31 - 00000000 ____D C:\sh4ldr 2013-08-22 22:34 - 2012-05-09 11:54 - 00000000 ____D C:\ProgramData\NCH Software 2013-08-22 12:27 - 2010-08-26 19:17 - 00000000 ____D C:\Users\Sebastian\Körper und Psyche (A-Z) 2013-08-22 12:18 - 2010-04-03 14:46 - 00000000 ____D C:\Users\Sebastian\Hörbücher + Vorträge + Podcasts 2013-08-22 12:14 - 2010-08-26 19:19 - 00000000 ____D C:\Users\Sebastian\Literatur 2013-08-22 12:13 - 2008-10-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-22 11:58 - 2013-08-22 11:58 - 00000000 ____D C:\Users\Sebastian\Ein Herz und eine Seele 2013-08-22 01:48 - 2012-05-09 11:51 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\NCH Software 2013-08-22 01:24 - 2009-04-18 19:12 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\NCH Swift Sound 2013-08-22 01:22 - 2009-05-16 00:06 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-08-22 01:22 - 2009-01-19 12:20 - 00000000 ____D C:\ProgramData\ICQ 2013-08-22 00:53 - 2008-01-21 09:16 - 00875622 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-22 00:42 - 2009-04-07 16:18 - 00000000 ____D C:\Users\Sebastian\Desktop\Isabella 2013-08-22 00:15 - 
2013-04-05 17:30 - 00000000 ____D C:\Users\Sebastian\Desktop\CDex 2013-08-22 00:08 - 2013-08-21 10:54 - 00000000 ____D C:\Users\Sebastian\Desktop\Marc Bekoff. Das unnötige Leiden der Tiere (2001) 2013-08-21 22:08 - 2013-03-05 13:03 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-21 22:08 - 2011-12-09 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-21 21:51 - 2013-08-21 21:49 - 00000000 ____D C:\Users\Sebastian\Desktop\VEGAN 2013-08-21 15:03 - 2013-08-21 15:03 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-08-21 15:03 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-08-19 22:20 - 2013-08-19 22:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Hey Veganer! (youtube.com) 2013-08-19 22:05 - 2013-08-19 21:39 - 34683132 _____ C:\Users\Sebastian\Desktop\Warum haben Tiere Rechte.flv 2013-08-19 15:56 - 2013-08-19 15:54 - 00000878 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2013-08-15 13:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-08-15 12:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-15 11:10 - 2013-08-01 00:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 10:56 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-15 00:16 - 2013-08-15 00:14 - 46940808 _____ C:\Users\Sebastian\Desktop\Warum essen wir nicht unsere Haustiere_ Melanie Joy im Interview.flv 2013-08-11 09:27 - 2013-07-27 17:39 - 00000000 ____D C:\Users\Sebastian\Desktop\KEIN PLASTIK 2013-08-09 16:40 - 2012-07-01 20:41 - 00000000 ____D C:\Users\Sebastian\Documents\TuneClone 2013-07-28 18:12 - 2008-10-07 16:32 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-28 18:10 - 2013-07-28 18:12 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-28 18:10 - 2013-07-28 18:11 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-28 18:10 - 2013-07-28 
18:11 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-28 18:10 - 2013-07-28 18:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-28 18:10 - 2013-02-07 16:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-07-28 18:10 - 2011-04-13 16:00 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-28 18:10 - 2008-10-07 16:32 - 00000000 ____D C:\Program Files\Java
2013-07-28 15:16 - 2012-02-19 15:42 - 00000000 ____D C:\Program Files\Bullfrog
2013-07-28 11:19 - 2009-01-20 18:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-28 11:11 - 2013-07-28 11:11 - 00000000 ____D C:\ProgramData\hssff
2013-07-26 12:18 - 2013-03-20 13:12 - 00000038 _____ C:\Windows\AviSplitter.INI
2013-07-25 11:34 - 2013-07-25 11:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-25 09:37 - 2010-12-07 17:22 - 00000000 ____D C:\Program Files\UltimateZip

Files to move or delete:
====================
C:\Users\SEBAST~1\AppData\Local\Temp\Quarantine.exe
C:\Users\SEBAST~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\SEBAST~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-24 20:56

==================== End Of Log ============================

Thanks for the help. Regards, Hungry Ghost |
25.08.2013, 06:09 | #6 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
25.08.2013, 16:01 | #7 |
| Thanks! The ESET scan took quite a long time again, over 5 hours. Here are the three requested logfiles:
---------------------------------------------------------------------------------------
1. ESET logfile:
---------------------------------------------------------------------------------------
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=982b9d36a0df5d439a7078323d6db2db
# engine=14893
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-25 02:24:55
# local_time=2013-08-25 04:24:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 19016 242863985 11719 0
# compatibility_mode=5892 16776574 100 100 117731 214973423 0 0
# scanned=277322
# found=7
# cleaned=0
# scan_time=18645
sh=3E48C8D25B196D67722ED20CD36BF3448A4C9136 ft=1 fh=8ca2da5db5514665 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrOwwsae2saevEe\514a035c018d2.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
sh=B18D2E7AC7D554B9E7146E6BB0ADB42CE5E945C7 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\extensions\jyu_k@vmqhpwftiy.co.uk\content\bg.js"
sh=CBF8533B53B37CDD056E5A2C960A0AC75CF8BE88 ft=1 fh=ada67dd13befe0ec vn="Win32/Adware.RK.AP application" ac=I fn="C:\Users\Sebastian\Musik- und Videodownload-Programme\FLACToMP3Converter.exe"
sh=CBF8533B53B37CDD056E5A2C960A0AC75CF8BE88 ft=1 fh=ada67dd13befe0ec vn="Win32/Adware.RK.AP application" ac=I fn="H:\13. Musik- und Videodownload-Programme\FLACToMP3Converter.exe"
---------------------------------------------------------------------------------------
2. Security Check logfile:
---------------------------------------------------------------------------------------
Code:
Results of screen317's Security Check version 0.99.72
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Trojan Remover 6.8.5
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Wise Registry Cleaner Free 5.61
Java(TM) 6 Update 39
Java 7 Update 25
Java(TM) 6 Update 3
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 4.0 Firefox out of Date!
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.57
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
TOSHIBA Toshiba Online Product Information TOPI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
---------------------------------------------------------------------------------------
3. FRST logfile:
---------------------------------------------------------------------------------------
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-08-2013
Ran by Sebastian (administrator) on 25-08-2013 16:44:35
Running from C:\Users\Sebastian\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Windows\system32\PSIService.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.)
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () C:\Program Files\Unlocker\UnlockerAssistant.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (TuneClone.COM) C:\Program Files\TuneClone\TuneClone.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (ArcSoft Inc.) 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\System32\p2phost.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.) HKLM\...\Run: [NDSTray.exe] - NDSTray.exe [x] HKLM\...\Run: [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH) HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA) HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation) HKLM\...\Run: [QuickFinder Scheduler] - C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation) HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
[49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TuneClone] - C:\Program Files\TuneClone\TuneClone.exe [4550656 2012-02-24] (TuneClone.COM)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [TrojanScanner] - C:\Program Files\Trojan Remover\Trjscan.exe [1247504 2012-09-14] (Simply Super Software)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-06-20] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [CollaborationHost] - C:\Windows\system32\p2phost.exe [192000 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1479680 2010-05-14] (Nokia)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-24] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\fbwuser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\fbwuser\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\Program Files\Metacafe\MetacafeAgent.exe (Metacafe)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU -No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\29.0.1547.57\npchrome_frame.dll (Google Inc.)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{432464BA-CDAD-4B34-900E-178E765E3DBA}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default
FF NewTab: about:blank
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 52505
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Magic 3GP Video Converter\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Magic 3GP Video Converter\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 - C:\Users\Sebastian\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\searchplugins\search_the_web.xml
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Mein Gutscheincode Finder - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\finder@meingutscheincode.de
FF Extension: No Name - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\informationaltab@piro.sakura.ne.jp
FF Extension: BrOwwsae2saevEe - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\jyu_k@vmqhpwftiy.co.uk
FF Extension: Smart Bookmarks Bar - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\smartbookmarksbar@remy.juteau
FF Extension: YouPlayer - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\youplayer@addons.mozilla.org
FF Extension: Screengrab - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF Extension: Site Launcher - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: DownTango Launcher - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{411beae9-8c58-477c-8903-201536f61512}
FF Extension: Stylish - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF Extension: Yahoo! Toolbar - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Interclue - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
FF Extension: dvscontextmenuy - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\i2cb9wbv.default\Extensions\dvscontextmenuy@dvdvideosoft.com
FF Extension: VideoGet FireFox extension - C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] C:\Program Files\AVG\AVG9\Firefox
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://www.google.de/webhp?source=search_app&gws_rd=cr"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Users\Sebastian\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Plus-HD-2.3) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.24.60_0
CHR Extension: (Google Reader) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\SEBAST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [aaaaplmcbjhigpfkmaffahlojgchbgfk] - C:\Users\Sebastian\AppData\Local\APN\GoogleCRXs\aaaaplmcbjhigpfkmaffahlojgchbgfk_7.14.1.0.crx
CHR HKLM\...\Chrome\Extension: [gladcbhcbkdeddbidiblppadjdjalidb] - C:\Program Files\DownTangoFTToolbar\chrome\DownTangoFTToolbar.crx

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-09] (Avira Operations GmbH & Co. KG)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [x]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-07-24] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2011-06-29] (microOLAP Technologies LTD)
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2011-06-29] (microOLAP Technologies LTD)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [28776 2012-02-24] (TuneClone Software)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 uscbs108; system32\DRIVERS\uscbs108.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-25 16:39 - 2013-08-25 16:39 - 00001301 _____ C:\Users\Sebastian\Desktop\checkup.txt
2013-08-25 16:30 - 2013-08-25 16:30 - 00891115 _____ C:\Users\Sebastian\Desktop\SecurityCheck.exe
2013-08-25 16:17 - 2013-08-25 16:17 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger.exe
2013-08-25 11:11 - 2013-08-25 11:11 - 00000000 ____D C:\Program Files\ESET
2013-08-25 11:09 - 2013-08-25 11:09 - 02347384 _____ (ESET) C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe
2013-08-25 11:08 - 2013-08-25 11:08 - 00000796 _____ C:\Windows\setupact.log
2013-08-25 11:08 - 2013-08-25 11:08 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 01:25 - 2013-08-25 01:25 - 00017794 _____ C:\Users\Sebastian\Desktop\Druckversion - Karnismus-Forscherin Joy Bio-Fleisch ist ein Mythos - SPIEGEL ONLINE - Nachrichten - Wirtschaft.htm
2013-08-25 01:25 - 2013-08-25 01:25 - 00000000 ____D C:\Users\Sebastian\Desktop\Druckversion - Karnismus-Forscherin Joy Bio-Fleisch ist ein Mythos - SPIEGEL ONLINE - Nachrichten - Wirtschaft_files
2013-08-24 22:58 - 2013-08-24 22:58 - 01478441 _____ C:\Users\Sebastian\Desktop\Want to laugh_ See hedgehog making funny faces.flv
2013-08-24 22:08 - 2013-08-24 22:08 - 00000000 ____D C:\Users\Sebastian\Desktop\Tassenkuchen Schoko (Isabella, 23.08.2013)
2013-08-24 22:07 - 2013-08-24 22:08 - 00000000 ____D C:\Users\Sebastian\Desktop\Kidneybohnenbratlinge (Isabella, 23.08.2013)
2013-08-24 22:00 - 2013-08-24 22:01 - 00000000 ____D C:\Users\Sebastian\Desktop\Wasserkocher Edelstahl (24.08.2013)
2013-08-24 21:59 - 2013-08-24 22:00 - 00000000 ____D C:\Users\Sebastian\Desktop\Weinfest am Marktplatz (23.08.2013)
2013-08-24 21:00 - 2013-08-24 21:00 - 01021434 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2013-08-24 21:00 - 2013-08-24 21:00 - 00000000 ____D C:\Windows\ERUNT
2013-08-24 18:11 - 2013-08-24 18:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-24 17:59 - 2013-08-24 18:01 - 00000000 ____D C:\Users\Sebastian\Desktop\LocalCDDB
2013-08-24 04:54 - 2013-08-24 04:54 - 00024490 _____ C:\Users\Sebastian\Desktop\Combofix.txt
2013-08-24 04:53 - 2013-08-24 04:53 - 00024490 _____ C:\ComboFix.txt
2013-08-23 20:26 - 2013-08-24 04:53 - 00000000 ____D C:\ComboFix
2013-08-23 20:26 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-23 20:26 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-23 20:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-23 20:26 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-23 20:19 - 2013-08-24 20:07 - 00001294 _____ C:\Windows\PFRO.log
2013-08-23 20:13 - 2013-08-23 20:13 - 00000000 ____D C:\Users\Sebastian\Documents\ProcAlyzer Dumps
2013-08-23 20:04 - 2013-08-24 04:53 - 00000000 ____D C:\Qoobox
2013-08-23 20:03 - 2013-08-23 20:52 - 00000000 ____D C:\Windows\erdnt
2013-08-23 19:57 - 2013-08-23 19:57 - 05111180 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe
2013-08-23 18:56 - 2013-08-24 22:09 - 00000000 ____D C:\Users\Sebastian\Desktop\Logfiles für trojaner-board.de
2013-08-23 18:15 - 2013-08-23 18:15 - 01110476 _____ C:\Users\Sebastian\Desktop\7z920.exe
2013-08-23 18:15 - 2013-08-23 18:15 - 00000000 ____D C:\Program Files\7-Zip
2013-08-23 11:35 - 2013-08-23 11:35 - 00377856 _____ C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\FRST
2013-08-23 11:19 - 2013-08-23 11:20 - 00000480 _____ C:\Users\Sebastian\Desktop\defogger_disable.log
2013-08-23 11:18 - 2013-08-23 11:18 - 00050477 _____ C:\Users\Sebastian\Desktop\Defogger.exe
2013-08-22 22:31 - 2013-08-22 22:34 - 00000000 ____D C:\sh4ldr
2013-08-22 11:58 - 2013-08-22 11:58 - 00000000 ____D C:\Users\Sebastian\Ein Herz und eine Seele
2013-08-22 01:19 - 2013-08-24 20:45 - 00000000 ____D C:\AdwCleaner
2013-08-22 01:19 - 2013-08-24 20:18 - 00994642 _____ C:\Users\Sebastian\Desktop\AdwCleaner.exe
2013-08-21 21:49 - 2013-08-21 21:51 - 00000000 ____D C:\Users\Sebastian\Desktop\VEGAN
2013-08-21 15:03 - 2013-08-21 15:03 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-08-21 10:54 - 2013-08-22 00:08 - 00000000 ____D C:\Users\Sebastian\Desktop\Marc Bekoff. Das unnötige Leiden der Tiere (2001)
2013-08-19 22:20 - 2013-08-19 22:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Hey Veganer! (youtube.com)
2013-08-19 21:39 - 2013-08-19 22:05 - 34683132 _____ C:\Users\Sebastian\Desktop\Warum haben Tiere Rechte.flv
2013-08-19 15:55 - 2013-07-24 04:10 - 00041160 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-08-19 15:54 - 2013-08-19 15:56 - 00000878 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-08-15 00:14 - 2013-08-15 00:16 - 46940808 _____ C:\Users\Sebastian\Desktop\Warum essen wir nicht unsere Haustiere_ Melanie Joy im Interview.flv
2013-08-14 13:31 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 13:31 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 13:31 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 13:31 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 13:31 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 13:31 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 13:30 - 2013-07-24 02:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-14 13:30 - 2013-07-24 02:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 13:30 - 2013-07-24 02:32 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-14 13:30 - 2013-07-24 02:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 13:30 - 2013-07-24 01:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 13:30 - 2013-07-24 01:49 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 13:30 - 2013-07-24 01:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 13:30 - 2013-07-24 01:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 13:30 - 2013-07-24 01:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-14 13:30 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 13:30 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 13:30 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 13:29 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 13:29 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 13:29 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-01 00:00 - 2013-08-15 11:10 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 18:12 - 2013-07-28 18:10 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-28 18:11 - 2013-07-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-28 18:11 - 2013-07-28 18:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-28 18:11 - 2013-07-28 18:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-28 11:11 - 2013-07-28 11:11 - 00000000 ____D C:\ProgramData\hssff
2013-07-27 17:39 - 2013-08-11 09:27 - 00000000 ____D C:\Users\Sebastian\Desktop\KEIN PLASTIK

==================== One Month Modified Files and Folders =======

2013-08-25 16:44 - 2013-08-25 16:44 - 01070459 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST.exe
2013-08-25 16:41 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-08-25 16:39 - 2013-08-25 16:39 - 00001301 _____ C:\Users\Sebastian\Desktop\checkup.txt
2013-08-25 16:30 - 2013-08-25 16:30 - 00891115 _____ C:\Users\Sebastian\Desktop\SecurityCheck.exe
2013-08-25 16:30 - 2011-10-24 19:17 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-25 16:17 - 2013-08-25 16:17 - 00938096 _____ C:\Users\Sebastian\Downloads\goldentiger.exe
2013-08-25 16:08 - 2013-03-05 13:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 15:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 15:01 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 13:56 - 2012-03-24 08:56 - 02029386 _____ C:\Windows\WindowsUpdate.log
2013-08-25 12:38 - 2011-10-24 19:17 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-25 11:11 - 2013-08-25 11:11 - 00000000 ____D C:\Program Files\ESET
2013-08-25 11:11 - 2008-01-21 09:16 - 00875622 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 11:09 - 2013-08-25 11:09 - 02347384 _____ (ESET) C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe
2013-08-25 11:08 - 2013-08-25 11:08 - 00000796 _____ C:\Windows\setupact.log
2013-08-25 11:08 - 2013-08-25 11:08 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 11:05 - 2012-07-01 20:41 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2013-08-25 11:04 - 2009-11-18 14:28 - 00000426 ____H C:\Windows\Tasks\User_Feed_Synchronization-{02653207-0637-447F-B9C7-8F48139372F2}.job
2013-08-25 11:02 - 2011-06-30 10:18 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-08-25 11:02 - 2009-07-22 06:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-08-25 11:01 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 01:31 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-25 01:25 - 2013-08-25 01:25 - 00017794 _____ C:\Users\Sebastian\Desktop\Druckversion - Karnismus-Forscherin Joy Bio-Fleisch ist ein Mythos - SPIEGEL ONLINE - Nachrichten - Wirtschaft.htm
2013-08-25 01:25 - 2013-08-25 01:25 - 00000000 ____D C:\Users\Sebastian\Desktop\Druckversion - Karnismus-Forscherin Joy Bio-Fleisch ist ein Mythos - SPIEGEL ONLINE - Nachrichten - Wirtschaft_files
2013-08-24 22:58 - 2013-08-24 22:58 - 01478441 _____ C:\Users\Sebastian\Desktop\Want to laugh_ See hedgehog making funny faces.flv
2013-08-24 22:09 - 2013-08-23 18:56 - 00000000 ____D C:\Users\Sebastian\Desktop\Logfiles für trojaner-board.de
2013-08-24 22:08 - 2013-08-24 22:08 - 00000000 ____D C:\Users\Sebastian\Desktop\Tassenkuchen Schoko (Isabella, 23.08.2013)
2013-08-24 22:08 - 2013-08-24 22:07 - 00000000 ____D C:\Users\Sebastian\Desktop\Kidneybohnenbratlinge (Isabella, 23.08.2013)
2013-08-24 22:01 - 2013-08-24 22:00 - 00000000 ____D C:\Users\Sebastian\Desktop\Wasserkocher Edelstahl (24.08.2013)
2013-08-24 22:00 - 2013-08-24 21:59 - 00000000 ____D C:\Users\Sebastian\Desktop\Weinfest am Marktplatz (23.08.2013)
2013-08-24 21:37 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-08-24 21:00 - 2013-08-24 21:00 - 01021434 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2013-08-24 21:00 - 2013-08-24 21:00 - 00000000 ____D C:\Windows\ERUNT
2013-08-24 20:45 - 2013-08-22 01:19 - 00000000 ____D C:\AdwCleaner
2013-08-24 20:44 - 2013-07-20 17:39 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Common
2013-08-24 20:18 - 2013-08-22 01:19 - 00994642 _____ C:\Users\Sebastian\Desktop\AdwCleaner.exe
2013-08-24 20:07 - 2013-08-23 20:19 - 00001294 _____ C:\Windows\PFRO.log
2013-08-24 20:07 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-24 18:16 - 2013-02-07 18:18 - 00000871 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-24 18:16 - 2011-01-25 18:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-24 18:11 - 2013-08-24 18:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-24 18:01 - 2013-08-24 17:59 - 00000000 ____D C:\Users\Sebastian\Desktop\LocalCDDB
2013-08-24 07:38 - 2009-04-04 15:08 - 00006944 _____ C:\Users\SEBAST~1\AppData\Local\d3d9caps.dat
2013-08-24 04:54 - 2013-08-24 04:54 - 00024490 _____ C:\Users\Sebastian\Desktop\Combofix.txt
2013-08-24 04:54 - 2010-02-09 00:51 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Apps\2.0
2013-08-24 04:53 - 2013-08-24 04:53 - 00024490 _____ C:\ComboFix.txt
2013-08-24 04:53 - 2013-08-23 20:26 - 00000000 ____D C:\ComboFix
2013-08-24 04:53 - 2013-08-23 20:04 - 00000000 ____D C:\Qoobox
2013-08-23 20:52 - 2013-08-23 20:03 - 00000000 ____D C:\Windows\erdnt
2013-08-23 20:51 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-23 20:49 - 2012-06-29 19:53 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\convert
2013-08-23 20:19 - 2013-03-12 17:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-23 20:13 - 2013-08-23 20:13 - 00000000 ____D C:\Users\Sebastian\Documents\ProcAlyzer Dumps
2013-08-23 20:13 - 2013-03-12 17:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-23 19:57 - 2013-08-23 19:57 - 05111180 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe
2013-08-23 18:15 - 2013-08-23 18:15 - 01110476 _____ C:\Users\Sebastian\Desktop\7z920.exe
2013-08-23 18:15 - 2013-08-23 18:15 - 00000000 ____D C:\Program Files\7-Zip
2013-08-23 17:16 - 2009-01-19 10:25 - 00000000 ____D C:\Users\Sebastian
2013-08-23 12:15 - 2009-01-20 00:03 - 00241152 _____ C:\Users\SEBAST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-23 11:35 - 2013-08-23 11:35 - 00377856 _____ C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\FRST
2013-08-23 11:20 - 2013-08-23 11:19 - 00000480 _____ C:\Users\Sebastian\Desktop\defogger_disable.log
2013-08-23 11:18 - 2013-08-23 11:18 - 00050477 _____ C:\Users\Sebastian\Desktop\Defogger.exe
2013-08-22 23:54 - 2011-01-24 20:00 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2013-08-22 23:31 - 2009-09-01 17:10 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-08-22 23:16 - 2009-01-19 10:26 - 00135992 _____ C:\Users\SEBAST~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-22 23:11 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-22 23:10 - 2006-11-02 12:22 - 60817408 _____ C:\Windows\system32\config\software_previous
2013-08-22 23:10 - 2006-11-02 12:22 - 45875200 _____ C:\Windows\system32\config\components_previous
2013-08-22 23:10 - 2006-11-02 12:22 - 25427968 _____ C:\Windows\system32\config\system_previous
2013-08-22 23:10 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-08-22 23:10 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-22 23:10 - 2006-11-02 12:22 - 00024576 _____ C:\Windows\system32\config\security_previous
2013-08-22 23:09 - 2013-07-25 11:32 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-22 23:09 - 2012-07-28 12:05 - 00000000 ____D C:\Program Files\MurGee Auto Mouse Click
2013-08-22 23:09 - 2011-11-14 22:09 - 00000000 ____D C:\Users\SEBAST~1\AppData\Local\Akamai
2013-08-22 23:09 - 2011-01-24 20:00 - 00000000 ____D C:\Program Files\Unlocker
2013-08-22 23:09 - 2010-12-17 13:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2013-08-22 23:09 - 2010-08-26 19:19 - 00000000 ____D C:\Users\Sebastian\Philosophie
2013-08-22 23:09 - 2010-08-26 19:17 - 00000000 ____D C:\Users\Sebastian\Körper und Psyche
2013-08-22 23:09 - 2010-04-03 14:46 - 00000000 ____D C:\Users\Sebastian\Hörbücher + Vorträge
2013-08-22 23:09 - 2009-04-18 19:11 - 00000000 ____D C:\Program Files\NCH Swift Sound
2013-08-22 23:09 - 2009-04-18 19:11 - 00000000 ____D C:\Program Files\NCH Software
2013-08-22 23:09 - 2009-03-30 13:04 - 00000000 ____D C:\Users\Sebastian\Lyrik
2013-08-22 23:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-08-22 23:08 - 2013-04-05 18:57 - 00000000 ____D C:\Program Files\Exact Audio Copy
2013-08-22 23:08 - 2009-07-12 20:24 - 00000000 ____D C:\Program Files\DVD Ripper Wizard
2013-08-22 23:08 - 2009-01-26 12:54 - 00000000 ____D C:\Program Files\DivX
2013-08-22 23:08 - 2008-10-07 17:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-22 23:08 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-08-22 22:34 - 2013-08-22 22:31 - 00000000 ____D C:\sh4ldr
2013-08-22 22:34 - 2012-05-09 11:54 - 00000000 ____D C:\ProgramData\NCH
Software 2013-08-22 12:27 - 2010-08-26 19:17 - 00000000 ____D C:\Users\Sebastian\Körper und Psyche (A-Z) 2013-08-22 12:18 - 2010-04-03 14:46 - 00000000 ____D C:\Users\Sebastian\Hörbücher + Vorträge + Podcasts 2013-08-22 12:14 - 2010-08-26 19:19 - 00000000 ____D C:\Users\Sebastian\Literatur 2013-08-22 12:13 - 2008-10-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-22 11:58 - 2013-08-22 11:58 - 00000000 ____D C:\Users\Sebastian\Ein Herz und eine Seele 2013-08-22 01:48 - 2012-05-09 11:51 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\NCH Software 2013-08-22 01:24 - 2009-04-18 19:12 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\NCH Swift Sound 2013-08-22 01:22 - 2009-05-16 00:06 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-08-22 01:22 - 2009-01-19 12:20 - 00000000 ____D C:\ProgramData\ICQ 2013-08-22 00:42 - 2009-04-07 16:18 - 00000000 ____D C:\Users\Sebastian\Desktop\Isabella 2013-08-22 00:15 - 2013-04-05 17:30 - 00000000 ____D C:\Users\Sebastian\Desktop\CDex 2013-08-22 00:08 - 2013-08-21 10:54 - 00000000 ____D C:\Users\Sebastian\Desktop\Marc Bekoff. Das unnötige Leiden der Tiere (2001) 2013-08-21 22:08 - 2013-03-05 13:03 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-21 22:08 - 2011-12-09 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-21 21:51 - 2013-08-21 21:49 - 00000000 ____D C:\Users\Sebastian\Desktop\VEGAN 2013-08-21 15:03 - 2013-08-21 15:03 - 00000306 __RSH C:\ProgramData\ntuser.pol 2013-08-21 15:03 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-08-19 22:20 - 2013-08-19 22:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Hey Veganer! 
(youtube.com) 2013-08-19 22:05 - 2013-08-19 21:39 - 34683132 _____ C:\Users\Sebastian\Desktop\Warum haben Tiere Rechte.flv 2013-08-19 15:56 - 2013-08-19 15:54 - 00000878 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2013-08-15 13:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-08-15 12:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-15 11:10 - 2013-08-01 00:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 10:56 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-15 00:16 - 2013-08-15 00:14 - 46940808 _____ C:\Users\Sebastian\Desktop\Warum essen wir nicht unsere Haustiere_ Melanie Joy im Interview.flv 2013-08-11 09:27 - 2013-07-27 17:39 - 00000000 ____D C:\Users\Sebastian\Desktop\KEIN PLASTIK 2013-08-09 16:40 - 2012-07-01 20:41 - 00000000 ____D C:\Users\Sebastian\Documents\TuneClone 2013-07-28 18:12 - 2008-10-07 16:32 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-28 18:10 - 2013-07-28 18:12 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-28 18:10 - 2013-07-28 18:11 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-28 18:10 - 2013-07-28 18:11 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-28 18:10 - 2013-07-28 18:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-28 18:10 - 2013-02-07 16:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2013-07-28 18:10 - 2011-04-13 16:00 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-28 18:10 - 2008-10-07 16:32 - 00000000 ____D C:\Program Files\Java 2013-07-28 15:16 - 2012-02-19 15:42 - 00000000 ____D C:\Program Files\Bullfrog 2013-07-28 11:19 - 2009-01-20 18:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-28 11:11 - 2013-07-28 11:11 - 00000000 ____D C:\ProgramData\hssff 2013-07-26 12:18 - 2013-03-20 13:12 - 00000038 _____ 
C:\Windows\AviSplitter.INI Files to move or delete: ==================== C:\Users\SEBAST~1\AppData\Local\Temp\GLB1A2B.EXE C:\Users\SEBAST~1\AppData\Local\Temp\Quarantine.exe C:\Users\SEBAST~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE C:\Users\SEBAST~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-25 11:10 ==================== End Of Log ============================ Woran erkenne ich nun, ob mein Laptop frei von Malware ist? Sind noch weitere Scans notwendig? Ich bin echt totaler Laie und habe keine Ahnung.. Welchen Virenschutz sollte ich außerdem auf meinem Rechner installiert haben, um in Zukunft neue Infektionen zu vermeiden? Kaspersky Pure 3.0 ? Norton Internet Security? Oder reicht das kostenlose Avira aus? Offenbar ja nicht.. Gruß, Hungry Ghost |
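Reading a file list like the one above by eye is error-prone, so here is an added example (not FRST's own code and not from anyone in the thread) that parses the entry format shown in the log and applies a few review heuristics. It assumes the FRST "One Month Modified" column order (last modified, then created, then size, a five-character attribute field, an optional version-info publisher in parentheses, then the path); the triage rules and the last sample line are constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import datetime

# FRST entry: <modified> - <created> - <size> <attrs> [(<publisher>)] <path>; attrs is right-aligned, e.g. ____D, __RSH
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com")

@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str
    publisher: str | None   # company from version info; FRST omits it for files without one
    path: str

def parse_entry(line: str) -> Entry | None:
    """Return an Entry for a file/folder line, or None for section headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    ts = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M")
    pub = m["publisher"]
    return Entry(ts(m["modified"]), ts(m["created"]), int(m["size"]), m["attrs"],
                 pub.strip() if pub else None, m["path"])

def triage_reasons(e: Entry) -> list[str]:
    """Heuristic review flags (constructed for this example); every hit still needs a human look."""
    reasons: list[str] = []
    if "D" in e.attrs:                      # folders carry no code of their own
        return reasons
    low = e.path.lower()
    if low.endswith(EXEC_SUFFIXES):
        if e.publisher is None:
            reasons.append("executable without version-info publisher")
        if "\\temp\\" in low:
            reasons.append("executable in a Temp directory")
    if ("H" in e.attrs or "S" in e.attrs) and not low.startswith("c:\\windows\\"):
        reasons.append("hidden/system attribute outside C:\\Windows")
    if e.created > e.modified:              # installers often keep the build mtime; still worth a look
        reasons.append("created after last modification")
    return reasons

def triage(log_text: str) -> dict[str, list[str]]:
    """Map path -> reasons for every parsable entry that raised at least one flag."""
    flagged: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and (why := triage_reasons(e)):
            flagged[e.path] = why
    return flagged

# Sample lines taken from the log above, plus one constructed Temp entry (not from the page).
SAMPLE_LOG = r"""
2013-08-25 11:09 - 2013-08-25 11:09 - 02347384 _____ (ESET) C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe
2013-08-21 15:03 - 2013-08-21 15:03 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-28 18:10 - 2013-07-28 18:12 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-24 20:18 - 2013-08-22 01:19 - 00994642 _____ C:\Users\Sebastian\Desktop\AdwCleaner.exe
2013-08-20 03:14 - 2013-08-20 03:14 - 00081920 ____H C:\Users\Sebastian\AppData\Local\Temp\example_dropper.exe
"""
```

Running `triage(SAMPLE_LOG)` flags ntuser.pol (hidden/system outside Windows, which a reviewer then recognises as Group Policy), javaws.exe (created after modified), AdwCleaner.exe (no publisher) and the constructed Temp file, while the ESET installer passes.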
25.08.2013, 19:47 | #8 |
/// the machine /// TB Trainer | Win Vista infected with JAVA viruses + Exploit EXP on drive C:\ since GVU Trojan attack
Update Adobe and Windows. Uninstall Firefox, keep no data, reinstall. Uninstall all AV programs, take Avast.
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will demand a restart. Please allow this.
Please press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document
Code:
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 52505
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.08.2013, 15:53 | #9 |
| Hello schrauber, I updated Adobe; the Windows update (Win Future) took very long and unfortunately could not be fully completed either, it got stuck on one update for an extremely long time at about 90 % of the installation, so I had to abort. I uninstalled Firefox, it now works perfectly after reinstallation. I uninstalled Avira, Avast is now on, I just still have to register for free, I assume it stays free after the 30 days expire as well. At least it seems so. I ran TFC, here is the fixlist I received:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-08-2013
Ran by Sebastian at 2013-08-26 16:44:18 Run:1
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 52505
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
esgiguard => Service deleted successfully.

==== End of Fixlog ====
Regards, Hungry Ghost |
26.08.2013, 18:16 | #10 |
/// the machine /// TB Trainer | Yes, it stays free.
Done
The order here is decisive.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. These harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
26.08.2013, 21:22 | #11 |
| Hello schrauber, many thanks for your help and the useful tips, I will download the recommended programs and try to keep my system up to date. I have carried out steps 1-4. After the restart, strangely, the Firefox browser now does not open. Only Internet Explorer works, and Google Chrome is acting up. That is, it opens, but shortly afterwards "(Not Responding)" appears at the top in the browser bar and I have to close the browser because it does not react. I have had problems with this for a while. Usually it only works without problems if I double-click Chrome very quickly right after the restart and then, after waiting until the computer has fully booted, Chrome opens and works. But that Firefox is now acting up surprises me. It worked perfectly after the reinstallation. Now the browser does not open at all. Well, that is not the right topic here on trojaner-board and I have probably already overstretched your help a bit.. Thank you for your help, and if you have a tip about the browser, it would be nice if you could give me a pointer, in case you know what causes it. Otherwise I will google what could cause it. Best regards and thanks again for your daily help! :-) Hungry Ghost |
27.08.2013, 10:00 | #12 |
/// the machine /// TB Trainer | Reinstall both browsers once more, better?
27.08.2013, 16:12 | #13 |
| Hello schrauber, I reinstalled Firefox, but it still did not work (until just now, however, but only with the strange trick described below). (I will still uninstall Google Chrome and see whether it is better then. At the moment it only works under the condition of the strange procedure described below). After the restart I now again (as I have long been used to with Chrome) very quickly double-clicked several times on the Firefox shortcut and on the Chrome shortcut, and lo and behold: after the computer has finished booting, the browser windows open one after the other and Firefox and Chrome apparently work normally, without the "(Not Responding)" message including crash coming immediately. I am really at a loss as to what causes this. Really strange that you can only use the browsers if you click them immediately after the desktop appears when booting the laptop. Internet Explorer is the only one that ALWAYS works. That is, even if you open it only some time after booting the computer.. That is how it should be; anything else is not normal. Regards, Hungry Ghost |
27.08.2013, 20:21 | #14 |
/// the machine /// TB Trainer | Strange. Please open FRST, tick the Additional box and scan, post both logfiles.
28.08.2013, 09:32 | #15 |
| Hello schrauber, it has resolved itself, the browsers work normally again. :-) Many thanks for the help over several days, it was very helpful. I am glad that I have now got through the procedure. Best regards, Hungry Ghost |