Pests of all kinds and their removal: Trojan Agent Gen-BHO / PUP.Optional.Lyrixeeker / donedrive.net bug report (Windows 7)
27.08.2013, 21:22 | #1

Trojan Agent Gen-BHO / PUP.Optional.Lyrixeeker / donedrive.net bug report

Hello,

My PC picked something up while I was surfing the Internet. Since then the machine takes much longer to boot, and the browser keeps switching to the page

Code:
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

Code:
hxxp://gqs.donedrive.netb

I scanned the system with Malwarebytes and several errors were detected:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
dy :: DY-G42Y4E394HRE [Administrator]

27.08.2013 17:37:48
mbam-log-2013-08-27 (17-37-48).txt

Scan type: Full scan (C:\|D:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 428764
Time elapsed: 58 minute(s), 16 second(s)

Infected memory processes: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1304 -> No action taken.

Infected memory modules: 0
(No malicious objects found)

Infected registry keys: 8
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{182a752f-b1ba-420d-ad2a-f01864686c47} (PUP.Optional.LyricXeeker.A) -> No action taken.
HKCR\CLSID\{8a4145d9-decb-4d9d-aba7-b79390bcbb17} (PUP.Optional.Lyrixeeker) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4145D9-DECB-4D9D-ABA7-B79390BCBB17} (PUP.Optional.Lyrixeeker) -> No action taken.
HKCR\TypeLib\{72e2ef08-5cd1-41f1-b4ed-d8254e29555a} (PUP.Optional.Lyrixeeker) -> No action taken.
HKCR\Interface\{3a689d97-1f9b-4405-ab80-f8b82d18d4a0} (PUP.Optional.Lyrixeeker) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

Infected registry values: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1S1T0E1J1L1H1R -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe -> No action taken.

Infected registry data items: 0
(No malicious objects found)

Infected folders: 3
C:\Programme\LyriXeeker (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe (PUP.Optional.Esafe.A) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\log (PUP.Optional.Esafe.A) -> No action taken.

Infected files: 25
C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Temp\is1732802001\3326765_Setup.EXE (PUP.Optional.LyricXeeker.A) -> No action taken.
C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Temp\is1732802001\cor_ar_201381417179_qvo6.exe (PUP.Optional.Elex) -> No action taken.
C:\Programme\LyriXeeker\LyriXupdate.exe (PUP.Optional.AdLyrics) -> No action taken.
C:\Programme\LyriXeeker\Uninstall.exe (PUP.Optional.LyricXeeker.A) -> No action taken.
C:\Programme\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\00.crx (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\00.xpi (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\01.crx (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\01.xpi (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\02.crx (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\02.xpi (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\130.crx (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\130.dat (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\130.dll (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\130.xpi (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\crx.dat (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\crx.db (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\xpi.dat (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Programme\LyriXeeker\xpi.db (PUP.Optional.Lyrixeeker) -> No action taken.
C:\WINDOWS\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eDelayinfo.edb (PUP.Optional.Esafe.A) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\log\eGdpSvc.LOG (PUP.Optional.Esafe.A) -> No action taken.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken.

(end)

I then ran SUPERAntiSpyware over it once more:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/27/2013 at 09:03 PM

Application Version : 5.5.1012
Core Rules Database Version : 10723
Trace Rules Database Version : 8535

Scan type       : Complete Scan
Total Scan Time : 00:44:53

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 557
Memory threats detected   : 0
Registry items scanned    : 37200
Registry threats detected : 0
File items scanned        : 46142
File threats detected     : 0

Code:
Name | Publisher | Installed | Size | Version
Adobe Flash Player 10 ActiveX | Adobe Systems Incorporated | 27.08.2013 | | 10.0.12.36
Adobe Flash Player 11 Plugin | Adobe Systems Incorporated | 27.08.2013 | | 11.7.700.224
Adobe Reader X (10.1.7) - Deutsch | Adobe Systems Incorporated | 09.08.2013 | 122,3MB | 10.1.7
Age of Mythology | | 27.08.2013 | |
Apple Application Support | Apple Inc. | 25.03.2012 | 62,7MB | 2.1.7
Apple Mobile Device Support | Apple Inc. | 25.03.2012 | 24,2MB | 5.1.1.4
Apple Software Update | Apple Inc. | 16.10.2011 | 2,38MB | 2.1.3.127
ATI - Dienstprogramm zur Deinstallation der Software | | 27.08.2013 | | 6.14.10.1020
ATI AVIVO Codecs | ATI Technologies Inc. | 08.06.2009 | 2,78MB | 9.15.0.20713
ATI Catalyst Control Center | | | | 2.008.0225.2152
ATI Display Driver | | 27.08.2013 | | 8.471-080225a1-059746C-ATI
Belkin Wireless USB Adapter Setup | Belkin | 18.02.2010 | | 2.20
Bonjour | Apple Inc. | 16.10.2011 | 1,03MB | 3.0.0.10
Bounty Bay Online | Frogster Interactive Pictures | 14.12.2010 | | 0.44
CCleaner | Piriform | 27.08.2013 | | 3.15
ClipGrab 3.2.0.11 | Philipp Schmieder Medien | 12.04.2013 | |
Compatibility Pack für 2007 Office System | Microsoft Corporation | 27.02.2013 | 65,0MB | 12.0.6021.5000
CSVed 2.1.4 | SJ Francke | 23.03.2011 | | 2.1.4
Deus Ex | | 27.08.2013 | |
Die Siedler IV | | 27.08.2013 | |
DivX-Setup | DivX, Inc. | 27.08.2013 | | 1.0.0.450
Fiddler | Telerik | 27.08.2013 | | 2.4.5.0
Free FLV Converter V 6.98.0 | Koyote Soft | 24.07.2011 | | 6.98.0.0
Free PDF to Word Doc Converter v1.1 | www.hellopdf.com | 07.02.2012 | | 1.1
GeoGebra | International GeoGebra Institute | 17.02.2011 | | 3.2.46.0
Giants | | 27.08.2013 | |
GildenIdent 1½ V4.4 | ScampiKutter | 27.08.2013 | | 4.4
GIMP 2.6.8 | | 02.02.2010 | |
Google Chrome | Google Inc. | 25.04.2010 | | 13.0.782.220
Google Updater | Google Inc. | 27.08.2013 | | 2.4.1739.5352
HdR Die Rückkehr des Königs tm | | 27.08.2013 | |
High Definition Audio Driver Package - KB888111 | Microsoft Corporation | 27.08.2013 | | 20040219.000000
ICQ7.5 | ICQ | 18.06.2011 | | 7.5
IDT Audio | IDT | 08.06.2009 | | 5.10.5407.0
iTunes | Apple Inc. | 25.03.2012 | 157,4MB | 10.6.0.40
Java 7 Update 25 | Oracle | 11.08.2013 | 129,3MB | 7.0.250
Knights Of Honor | | 27.08.2013 | | 1.00
LG PC Suite III | LG Electronics | 23.03.2011 | | 1.0.0.0
LyricXeeker | LyriXeeker Tech | 27.08.2013 | |
Malwarebytes Anti-Malware Version 1.75.0.1300 | Malwarebytes Corporation | 14.04.2013 | | 1.75.0.1300
Microsoft .NET Framework 1.1 | Microsoft | 08.06.2009 | 37,1MB | 1.1.4322
Microsoft .NET Framework 1.1 German Language Pack | Microsoft | 08.06.2009 | 3,07MB | 1.1.4322
Microsoft .NET Framework 2.0 | Microsoft Corporation | 08.06.2009 | |
Microsoft Age of Empires II | | 27.08.2013 | |
Microsoft Age of Empires II: The Conquerors Expansion | | 27.08.2013 | |
Microsoft Office Enterprise 2007 | Microsoft Corporation | 10.06.2013 | | 12.0.4518.1014
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 08.06.2009 | 15,1MB | 9.0.30729
Microsoft Works 2000 | Microsoft Corporation | 19.11.2009 | 66,7MB | 1.0.0.0000
Microsoft Works 2000-Setup-Start | | 27.08.2013 | |
mIRC | mIRC Co. Ltd. | 27.08.2013 | | 6.35
MobileMe Control Panel | Apple Inc. | 25.02.2012 | 12,9MB | 3.1.8.0
Mozilla Firefox 23.0.1 (x86 de) | Mozilla | 27.08.2013 | | 23.0.1
Mozilla Maintenance Service | Mozilla | 27.08.2013 | | 23.0.1
MSXML4 Parser | Microsoft Game Studios | 07.07.2009 | 77,00KB | 1.0.0
Nitro PDF Reader 2 | Nitro PDF Software | 07.02.2012 | 89,9MB | 2.1.1.3
Notepad++ | | 27.08.2013 | | 5.8.7
Nur Deinstallierung der CopyTrans Suite möglich. | WindSolutions | 27.08.2013 | | 2.27
Photo Transport | CASIO COMPUTER CO., LTD. | 27.04.2011 | 0,98MB | 1.0.1
PhotoScape | | 27.08.2013 | |
PlanMaker Viewer | SoftMaker Software GmbH | 27.08.2013 | |
QuickTime | Apple Inc. | 16.10.2011 | 73,0MB | 7.70.80.34
RealPlayer | RealNetworks | 27.08.2013 | |
Safari | Apple Inc. | 09.08.2013 | 106,0MB | 5.34.57.2
Siedler3 | | 27.08.2013 | |
Skype™ 6.0 | Skype Technologies S.A. | 23.01.2013 | 20,4MB | 6.0.126
SUPERAntiSpyware | SUPERAntiSpyware.com | 27.08.2013 | | 5.0.1144
TeamSpeak 2 RC2 | Dominating Bytes Design | 27.08.2013 | | 2.0.32.60
TeamSpeak 3 Client | TeamSpeak Systems GmbH | 27.08.2013 | |
Uninstall 1.0.0.1 | | 23.07.2010 | |
Voyage Century Online | IGG,Inc. | 11.08.2012 | | 0.99
Windows XP Service Pack 3 | Microsoft Corporation | 21.10.2009 | | 20080414.031514
WinRAR | | 27.08.2013 | |
Word in Works Suite-Add-In | Microsoft Corporation | 19.11.2009 | 5,53MB | 1.0.0.0000
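As an added example (not part of the original post and not Malwarebytes' own tooling), a small Python parser for the one-object-per-line format of the Malwarebytes log above. It groups the detections by family, lists what is still pending because every object reads "No action taken", and picks out the entries that are autostart points (service, browser helper object, scheduled task), which are the ones that re-launch the PUP after a reboot. The sample lines are constructed from the log above; the last entry with a "Quarantined" action is invented so that both outcomes occur, and the set of action strings accepted (German and English builds) is an assumption about the log format.

```python
import re
from collections import Counter

# Constructed sample in the one-object-per-line shape of the log above:
#   "<object> (<detection>) [-> <extra> ]-> <action>."
# <extra> is the PID for a running process or "Data: ..." for a registry value.
# The final line is invented so the parser sees a remediated entry as well.
SAMPLE_LOG = r"""
Infected memory processes: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1304 -> No action taken.
HKCR\CLSID\{8a4145d9-decb-4d9d-aba7-b79390bcbb17} (PUP.Optional.Lyrixeeker) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4145D9-DECB-4D9D-ABA7-B79390BCBB17} (PUP.Optional.Lyrixeeker) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe -> No action taken.
C:\WINDOWS\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> No action taken.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
"""

LINE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?:(?P<extra>.*) -> )?(?P<action>[^>]+?)\.?\s*$"
)

# Action text of the German and English builds meaning "still on disk" (assumed wording).
NO_ACTION = {"keine aktion durchgeführt", "no action taken"}

# Registry/file locations that start code without user interaction.
AUTOSTART_MARKERS = ("\\services\\", "browser helper objects", "\\tasks\\", "\\run\\", "\\runonce\\")


def parse_mbam(text):
    """Turn the detection lines of an MBAM 1.x log into dicts; headers and counters are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        obj, action = m.group("obj"), m.group("action").strip()
        entries.append({
            "object": obj,
            "detection": m.group("det"),
            "extra": m.group("extra"),
            "action": action,
            "remediated": action.lower() not in NO_ACTION,
            "kind": "registry" if obj.upper().startswith(("HKLM", "HKCU", "HKCR", "HKU")) else "file",
        })
    return entries


def summarize(entries):
    """Counts per detection family plus the objects the scan left in place."""
    return {
        "families": dict(Counter(e["detection"] for e in entries)),
        "pending": [e["object"] for e in entries if not e["remediated"]],
    }


def autostart_points(entries):
    """Entries that re-launch the PUP at boot, logon or browser start."""
    return [e for e in entries if any(mk in e["object"].lower() for mk in AUTOSTART_MARKERS)]


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    report = summarize(found)
    for family, n in sorted(report["families"].items()):
        print(f"{n:3} x {family}")
    print(f"{len(report['pending'])} of {len(found)} objects still present (no action taken)")
    for e in autostart_points(found):
        print("autostart:", e["object"])
```

Run stand-alone it prints the family counts, the pending count and the autostart entries. Of those, the service value HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath is the one that matters most: with no action taken, eGdpSvc.exe is still started as a service, which is exactly what the FRST log later in this thread shows (R2 WsysSvc, and the process listed as running).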
28.08.2013, 01:07 | #2

/// TB-Ausbilder

Trojan Agent Gen-BHO / PUP.Optional.Lyrixeeker / donedrive.net bug report

Hello,

Please run an FRST scan: Download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.08.2013, 08:23 | #3

Trojan Agent Gen-BHO / PUP.Optional.Lyrixeeker / donedrive.net bug report

Morning Aharonov,

FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by dy (administrator) on 28-08-2013 09:11:41
Running from C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Wsys Co., Ltd.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Belkin International, Inc.) C:\Programme\Belkin\BelkinWCUI.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [172544 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-31] (SUPERAntiSpyware.com)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [17878704 2012-11-09] (Skype Technologies S.A.)
MountPoints2: {c35bbc30-b3e4-11e1-b09f-00219710b2aa} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NB-06.vbs
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Dienstprogramm für kabellose Netzwerke.lnk
ShortcutTarget: Belkin Dienstprogramm für kabellose Netzwerke.lnk -> C:\Programme\Belkin\BelkinWCUI.exe (Belkin International, Inc.)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default
FF user.js: detected! => C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - D:\Programme\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxGame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\foxgame2@foxgame.org
FF Extension: Lavasoft Search Plugin - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: StOgame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\StOgame@stogame.net
FF Extension: BBCodeXtra - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] D:\Programme\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programme\Fiddler2\FiddlerHook
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\13.0.782.220\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Programme\Google\Chrome\Application\13.0.782.220\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Programme\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (LyricXeeker) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci\1.130_0
CHR Extension: (Lightning Newtab) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (AT_DJTiesto) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR StartMenuInternet: Google Chrome - C:\Programme\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programme\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144 2012-02-27] (Apple Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-02-19] ()
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S4 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.)
S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.)
S4 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2010-05-02] (Google)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821608 2012-03-06] (Apple Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-19] (Mozilla Foundation)
R2 NitroReaderDriverReadSpool2; C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196904 2011-12-20] (Nitro PDF Software)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2003-04-02] (Microsoft Corporation)
S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-10-19] (Skype Technologies)
R2 WsysSvc; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe [303680 2013-08-27] (Wsys Co., Ltd.)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2010-01-29] (Cisco Systems, Inc.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2003-04-02] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2003-04-02] (Microsoft Corporation)
S3 PCANDIS5; C:\WINDOWS\System32\PCANDIS5.SYS [17134 2002-05-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [637952 2008-10-01] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1270872 2007-12-14] (IDT, Inc.)
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S0 Lbd; System32\DRIVERS\Lbd.sys [x]
S3 PRISM_A02; System32\DRIVERS\PRISMA02.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt
2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log
2013-08-27 20:16 - 2013-08-28 00:48 - 00000407 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-27 17:37 - 2013-08-28 09:03 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-27 17:37 - 2013-08-28 09:03 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-08-27 10:26 - 2013-08-27 14:49 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent
2013-08-19 14:36 - 2013-08-19 16:43 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-09 20:39 - 2013-08-10 10:30 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari

==================== One Month Modified Files and Folders =======

2013-08-28 09:09 - 2013-08-28 09:09 - 00000000 ____D C:\FRST
2013-08-28 09:03 - 2013-08-27 17:37 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-28 09:03 - 2013-08-27 17:37 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-28 09:01 - 2010-10-29 00:44 - 00000264 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1965331169-839522115-1005.job
2013-08-28 09:01 - 2009-06-08 11:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-28 00:48 - 2013-08-27 20:16 - 00000407 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-28 00:48 - 2009-06-08 12:28 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-08-28 00:48 - 2009-06-08 11:15 - 00032588 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-28 00:48 - 2009-06-08 11:15 - 00000190 ___SH C:\Dokumente und Einstellungen\dy\ntuser.ini
2013-08-28 00:35 - 2009-06-08 12:05 - 00000000 ___RD C:\Programme
2013-08-28 00:17 - 2012-11-07 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Skype
2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt
2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log
2013-08-27 19:55 - 2009-06-08 11:38 - 00000000 ___SD C:\Dokumente und Einstellungen\dy\UserData
2013-08-27 19:55 - 2009-06-08 11:15 - 00000000 ____D C:\Dokumente und Einstellungen\dy
2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-08-27 16:44 - 2009-06-08 13:03 - 00000211 ___SH C:\boot.ini
2013-08-27 16:44 - 2003-04-02 14:00 - 00000961 _____ C:\WINDOWS\win.ini
2013-08-27 16:44 - 2003-04-02 14:00 - 00000327 _____ C:\WINDOWS\system.ini
2013-08-27 16:29 - 2009-06-08 11:44 - 00001868 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-27 14:49 - 2013-08-27 10:26 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2
2013-08-27 14:49 - 2010-10-29 00:44 - 00000272 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1965331169-839522115-1005.job
2013-08-27 01:40 - 2012-03-08 13:54 - 00000484 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2013-08-26 13:40 - 2010-10-27 18:01 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Programme
2013-08-26 13:36 - 2003-04-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent
2013-08-25 01:13 - 2009-06-08 11:15 - 00000000 ___RD C:\Dokumente und Einstellungen\dy\Startmenü\Programme
2013-08-22 18:04 - 2012-04-27 17:30 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-19 16:43 - 2013-08-19 14:36 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-16 22:40 - 2013-06-09 21:57 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Originals
2013-08-16 17:01 - 2012-01-14 17:30 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Hochschule
2013-08-16 17:01 - 2010-05-16 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Schreibkram
2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-11
13:19 - 2013-02-09 19:19 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll 2013-08-11 13:19 - 2012-02-19 13:20 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-08-11 13:19 - 2009-06-08 11:11 - 00000000 ____D C:\Programme\Java 2013-08-10 10:30 - 2013-08-09 20:39 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk 2013-08-09 20:40 - 2011-10-20 20:56 - 00056740 ____H C:\WINDOWS\system32\mlfcache.dat 2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari 2013-08-09 20:39 - 2011-03-20 11:12 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Apple Computer 2013-08-05 18:08 - 2009-06-08 12:05 - 00964298 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-30 12:56 - 2013-06-10 10:58 - 00005120 ____H C:\Dokumente und Einstellungen\dy\Desktop\photothumb.db Files to move or delete: ==================== C:\DOKUME~1\dy\LOKALE~1\Temp\SkypeSetup.exe C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\3326765_Setup.EXE C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\cor_ar_201381417179_qvo6.exe C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\wajam_validate.exe C:\DOKUME~1\dy\LOKALE~1\Temp\eIntaller\927492E73BA14fecBB91E2AF2BBFB104\eGdpSvc.exe C:\DOKUME~1\dy\LOKALE~1\Temp\eIntaller\927492E73BA14fecBB91E2AF2BBFB104\eXQ.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2003-04-02 14:00] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2003-05-22 17:47] - [2008-04-14 07:53] - 0109056 ____A (Microsoft Corporation) 4bb6a83640f1d1792ad21ce767b621c6 C:\Windows\System32\User32.dll 
[2003-04-02 14:00] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2003-04-02 14:00] - [2008-04-14 07:22] - 0053760 ___AC (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013 Ran by dy at 2013-08-28 09:12:12 Running from C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 10 ActiveX (Version: 10.0.12.36) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Age of Mythology Apple Application Support (Version: 2.1.7) Apple Mobile Device Support (Version: 5.1.1.4) Apple Software Update (Version: 2.1.3.127) ATI - Dienstprogramm zur Deinstallation der Software (Version: 6.14.10.1020) ATI AVIVO Codecs (Version: 9.15.0.20713) ATI Catalyst Control Center (Version: 2.008.0225.2152) ATI Display Driver (Version: 8.471-080225a1-059746C-ATI) ATI Parental Control & Encoder (Version: 3.0) Belkin Wireless USB Adapter Setup (Version: 2.20) Bonjour (Version: 3.0.0.10) Bounty Bay Online (Version: 0.44) Catalyst Control Center Core Implementation (Version: 2008.0225.2153.39091) Catalyst Control Center Graphics Full Existing (Version: 2008.0225.2153.39091) Catalyst Control Center Graphics Full New (Version: 2008.0225.2153.39091) Catalyst Control Center Graphics Light (Version: 2008.0225.2153.39091) Catalyst Control Center Graphics Previews Common (Version: 2008.0225.2153.39091) CCC Help English (Version: 2008.0225.2152.39091) ccc-core-preinstall (Version: 2008.0225.2153.39091) ccc-core-static (Version: 2008.0225.2153.39091) ccc-utility (Version: 2008.0225.2153.39091) CCleaner (Version: 3.15) ClipGrab 3.2.0.11 Compatibility Pack für 2007 Office System (Version: 12.0.6021.5000) CSVed 2.1.4 (Version: 2.1.4) Deus Ex Die Siedler IV DivX-Setup (Version: 1.0.0.450) Fiddler (Version: 2.4.5.0) Free FLV Converter V 6.98.0 (Version: 6.98.0.0) Free PDF to Word Doc Converter v1.1 (Version: 1.1) GeoGebra (Version: 3.2.46.0) Giants GildenIdent 1½ V4.4 (Version: 4.4) GIMP 
2.6.8 Google Chrome (Version: 13.0.782.220) Google Update Helper (Version: 1.3.21.65) Google Updater (Version: 2.4.1739.5352) HdR Die Rückkehr des Königs tm High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) ICQ7.5 (Version: 7.5) IDT Audio (Version: 5.10.5407.0) IncrediMail (Version: 6.2.6.4878) iTunes (Version: 10.6.0.40) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Knights Of Honor (Version: 1.00) LG PC Suite III (Version: 1.0.0.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 (Version: 2.0.50727) Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.4518.1014) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Works 2000 (Version: 1.0.0.0000) Microsoft Works 2000-Setup-Start mIRC (Version: 6.35) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSXML4 Parser (Version: 1.0.0) Nitro PDF Reader 2 (Version: 2.1.1.3) Notepad++ (Version: 5.8.7) Nur Deinstallierung der CopyTrans Suite möglich. (HKCU Version: 2.27) Photo Transport (Version: 1.0.1) PhotoScape PlanMaker Viewer QuickTime (Version: 7.70.80.34) RealPlayer RealUpgrade 1.0 (Version: 1.0.0) Safari (Version: 5.34.57.2) Siedler3 Skins (Version: 2008.0225.2153.39091) Skype™ 6.0 (Version: 6.0.126) SUPERAntiSpyware (Version: 5.0.1144) SweetIM for Messenger 3.6 (Version: 3.6.0007) TeamSpeak 2 RC2 (Version: 2.0.32.60) TeamSpeak 3 Client Uninstall 1.0.0.1 VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0) Voyage Century Online (Version: 0.99) WebFldrs XP (Version: 9.50.6513) Windows XP Service Pack 3 (Version: 20080414.031514) WinRAR Word in Works Suite-Add-In (Version: 1.0.0.0000) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2003-04-02 14:00 - 2003-04-02 14:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programme\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1965331169-839522115-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1965331169-839522115-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe 
==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/28/2013 00:23:22 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung giants.exe, Version 0.0.0.0, fehlgeschlagenes Modul giants.exe, Version 0.0.0.0, Fehleradresse 0x00005d3a. Das medienspezifische Ereignis für [giants.exe!ws!] wird verarbeitet. Error: (08/22/2013 10:03:46 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x00002332. Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet. Error: (08/10/2013 07:41:00 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung webkit2webprocess.exe, Version 7534.57.2.4, fehlgeschlagenes Modul npswf32_11_7_700_224.dll, Version 11.7.700.224, Fehleradresse 0x001de5f1. Das medienspezifische Ereignis für [webkit2webprocess.exe!ws!] wird verarbeitet. Error: (08/10/2013 06:03:03 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet. Error: (07/30/2013 00:54:41 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x00002332. Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet. Error: (07/30/2013 00:54:18 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x000022cd. 
Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet. Error: (07/15/2013 08:42:37 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet. Error: (06/01/2013 02:02:29 AM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet. Error: (05/12/2013 08:31:19 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung ClipGrab.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (05/12/2013 00:35:30 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung iTunes.exe, Version 10.6.0.40, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. System errors: ============= Error: (08/28/2013 09:03:33 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (08/28/2013 09:03:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht ordnungsgemäß gestartet. Error: (08/27/2013 08:18:40 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (08/27/2013 08:18:40 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht ordnungsgemäß gestartet. 
Error: (08/27/2013 05:37:23 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (08/27/2013 05:37:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht ordnungsgemäß gestartet. Error: (08/27/2013 04:47:06 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error: (08/27/2013 04:47:05 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht ordnungsgemäß gestartet. Error: (08/27/2013 04:19:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error: (08/27/2013 04:19:16 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 1791.23 MB Available physical RAM: 705.85 MB Total Pagefile: 3686.15 MB Available Pagefile: 2540.59 MB Total Virtual: 2047.88 MB Available Virtual: 1961.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:75.19 GB) (Free:26.4 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:195.31 GB) (Free:160.51 GB) NTFS Drive e: (GIANTS1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 93B693B6) Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=391 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
28.08.2013, 10:30 | #4 |
/// TB-Ausbilder | Trojan Agent Gen-BHO/ PUP.Optional.Lyrixeeker/ donedrive.net bug Meldung Hello, yes, that lyrics thing was adware. Note: no antivirus program. I don't see any running antivirus program with a real-time guard in your log files. That is dangerous. Even though such a guard can never ward off every threat, it is still an important component for keeping the computer clean. Please download and install an antivirus program with a real-time guard. Here are two possible suggestions: Step 1 Please download AdwCleaner to your desktop.
Step 2 Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
29.08.2013, 09:33 | #5 |
| Trojan Agent Gen-BHO/ PUP.Optional.Lyrixeeker/ donedrive.net bug Meldung Hello, I installed Avast! as suggested and let it run (it found suspicious files right away), and I also downloaded AdwCleaner and ran the scan. After the reboot, however, I could no longer get onto the Internet. My WLAN did not start at boot and could not be opened directly either, nor could one of my browsers (after a double-click the icon on the desktop was shown as transparent, but nothing happened); since then I also can no longer get into the Control Panel. I have restarted the system several times since then, always the same problem; often, when shutting down before the restart, I was asked to click "End now" and told that Rundll32 had caused an error. I have now deleted AdwCleaner again right away, and at least via My Computer/Programs I could now open WLAN and the browser. Of course I saved the AdwCleaner logs beforehand: AdwCleaner[R0] AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.001 - Report created 29/08/2013 at 01:34:12 # Updated 24/08/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : dy - DY-G42Y4E394HRE # Running from : C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads\adwcleaner.exe # Option : Scan ***** [ Services ] ***** Service Found : WsysSvc ***** [ Files / Folders ] ***** File Found : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\icqplugin-1.xml File Found : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\user.js File Found : C:\WINDOWS\system32\roboot.exe Folder Found C:\DOKUME~1\dy\LOKALE~1\Temp\eIntaller Folder Found C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe Folder Found C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar Folder Found C:\Dokumente und Einstellungen\dy\Anwendungsdaten\dvdvideosoftiehelpers Folder Found C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\jetpack Folder Found C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\SweetIMToolbarData Folder Found C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Babylon Folder Found C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Conduit Folder Found C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\IncrediMail_MediaBar_2 Folder Found C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\IncrediMail_MediaBar_2 Folder Found C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\PackageAware Folder Found C:\Programme\ICQ6Toolbar ***** [ Shortcuts ] ***** Shortcut Found : C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk ( 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) Shortcut Found : C:\Dokumente und Einstellungen\dy\Desktop\Programme\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) Shortcut Found : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) Shortcut Found : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) Shortcut Found : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) Shortcut Found : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 ) ***** [ Registry ] ***** Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Programme\Mozilla Firefox\firefox.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Programme\Google\Chrome\Application\chrome.exe" 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Programme\Internet Explorer\iexplore.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command [(Default)] - "C:\Programme\Safari\Safari.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Key Found : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Key Found : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\IncrediMail_MediaBar_2 Key Found : HKCU\Software\IncrediMail_MediaBar_2 Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\lyrixeeker Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Key Found : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Key Found : HKLM\Software\AskBarDis Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\ Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\ Key Found : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Interface\ Key Found : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\sim-packages Key Found : HKLM\SOFTWARE\Classes\TypeLib\ Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383} Key Found : HKLM\Software\eSafeSecControl Key Found : HKLM\Software\ICQ\ICQToolbar Key Found : HKLM\Software\ImInstaller Key Found : HKLM\Software\IncrediMail_MediaBar_2 Key 
Found : HKLM\Software\IncrediMail_MediaBar_2 Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{349DCB87-2019-46A8-B413-0C820D5CFCD7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B85C4CB2-B352-4BD8-818C-BCE353599107} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Key Found : HKLM\Software\qvo6Software Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761 Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - 
hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla\Firefox\Profiles\4bbfq8rh.default\prefs.js ]

[ File : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\prefs.js ]

-\\ Google Chrome v13.0.782.220

[ File : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]

Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [27655 octets] - [29/08/2013 01:34:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [27716 octets] ##########

AdwCleaner [S0]

AdwCleaner Logfile:
Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 01:38:38
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : dy - DY-G42Y4E394HRE
# Running from : C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Folder Deleted : C:\Programme\ICQ6Toolbar
Folder Deleted : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Babylon
Folder Deleted : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Conduit
Folder Deleted : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\IncrediMail_MediaBar_2
Folder Deleted : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\PackageAware
Folder Deleted : C:\DOKUME~1\dy\LOKALE~1\Temp\eIntaller
Folder Deleted : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\dvdvideosoftiehelpers
Folder Deleted : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\jetpack
Folder Deleted : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\SweetIMToolbarData
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\dy\Desktop\Programme\Google Chrome.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lyrixeeker
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
: HKLM\Software\AskBarDis Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\eSafeSecControl Key Deleted : HKLM\Software\ICQ\ICQToolbar Key Deleted : HKLM\Software\ImInstaller Key Deleted : HKLM\Software\IncrediMail_MediaBar_2 Key Deleted : HKLM\Software\qvo6Software Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B85C4CB2-B352-4BD8-818C-BCE353599107} ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] -\\ Mozilla Firefox v23.0.1 (de) [ File : C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla\Firefox\Profiles\4bbfq8rh.default\prefs.js ] [ File : C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\prefs.js ] Line Deleted : user_pref("CT2269050..clientLogIsEnabled", true); Line Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Line Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Line Deleted : user_pref("CT2269050.CTID", "CT2269050"); Line Deleted : user_pref("CT2269050.CurrentServerDate", 
"19-2-2012"); Line Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Feb 19 2012 11:17:20 GMT+0100"); Line Deleted : user_pref("CT2269050.DownloadReferralCookieData", ""); Line Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jul 24 2010 02:47:28 GMT+0200"); Line Deleted : user_pref("CT2269050.FirstServerDate", "24-7-2010"); Line Deleted : user_pref("CT2269050.FirstTime", true); Line Deleted : user_pref("CT2269050.FirstTimeFF3", true); Line Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true); Line Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Line Deleted : user_pref("CT2269050.HasUserGlobalKeys", true); Line Deleted : user_pref("CT2269050.Initialize", true); Line Deleted : user_pref("CT2269050.InitializeCommonPrefs", true); Line Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 2); Line Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Line Deleted : user_pref("CT2269050.InstalledDate", "Sat Jul 24 2010 02:47:28 GMT+0200"); Line Deleted : user_pref("CT2269050.InvalidateCache", false); Line Deleted : user_pref("CT2269050.IsGrouping", false); Line Deleted : user_pref("CT2269050.IsMulticommunity", false); Line Deleted : user_pref("CT2269050.IsOpenThankYouPage", false); Line Deleted : user_pref("CT2269050.IsOpenUninstallPage", false); Line Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Feb 19 2012 11:17:16 GMT+0100"); Line Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Line Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Sat Jul 24 2010 02:47:29 GMT+0200"); Line Deleted : 
user_pref("CT2269050.LastLogin_3.3.3.2", "Sun Feb 19 2012 11:17:18 GMT+0100"); Line Deleted : user_pref("CT2269050.LatestVersion", "3.10.0.1"); Line Deleted : user_pref("CT2269050.Locale", "en"); Line Deleted : user_pref("CT2269050.LoginCache", 4); Line Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Line Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT2269050.RadioIsPodcast", false); Line Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sat Jul 24 2010 02:47:30 GMT+0200"); Line Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Line Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Line Deleted : user_pref("CT2269050.RadioMediaID", "12473383"); Line Deleted : user_pref("CT2269050.RadioMediaType", "Media Player"); Line Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Line Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Line Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Line Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1"); Line Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="); Line Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true); Line Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Feb 19 2012 11:17:18 GMT+0100"); Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", 
"hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"); Line Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Feb 19 2012 11:17:15 GMT+0100"); Line Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Line Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sun Feb 19 2012 11:17:15 GMT+0100"); Line Deleted : user_pref("CT2269050.SettingsLastUpdate", "1327227404"); Line Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Feb 19 2012 11:17:15 GMT+0100"); Line Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586"); Line Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Line Deleted : user_pref("CT2269050.Uninstall", true); Line Deleted : user_pref("CT2269050.UserID", "UN34490231619491549"); Line Deleted : user_pref("CT2269050.ValidationData_Toolbar", 0); Line Deleted : user_pref("CT2269050.WeatherNetwork", ""); Line Deleted : user_pref("CT2269050.WeatherPollDate", "Sat Jul 24 2010 02:48:38 GMT+0200"); Line Deleted : user_pref("CT2269050.WeatherUnit", "C"); Line Deleted : user_pref("CT2269050.alertChannelId", "666138"); Line Deleted : user_pref("CT2269050.clientLogIsEnabled", false); Line Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Line Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...] 
Line Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sun Feb 19 2012 11:17:16 GMT+0100"); Line Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true); Line Deleted : user_pref("CT2269050.myStuffEnabled", true); Line Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Line Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Line Deleted : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,129114742153905471,1195972076538955800,129121052374999726,129023235807856892,1000082,8767590000360389618,1000034,1000234,41310[...] Line Deleted : user_pref("CT2269050.testingCtid", ""); Line Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Feb 19 2012 11:17:16 GMT+0100"); Line Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Sun Feb 19 2012 11:17:17 GMT+0100"); Line Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050"); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"ef808ae2fa8a68c5242bd2287b0ac9b41\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/DE", "\"0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\""); Line Deleted : 
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", "\"1289911445\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724386", "\"1327826608\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.2.0", "\"80161a5ed5ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"13a760730d9291f1df061003ecf304ce\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634485749189530000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724386&octid=CT2724386", "\"1313478217\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2724386&octid=CT2724386", "\"9e93fc0354bc77c480d8d968f7ed0fec1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde759bd30c070995eab32eddc00c079\"");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 03 2011 12:48:38 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Feb 18 2012 21:23:20 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Feb 18 2012 13:23:06 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "bf22dc10-77f6-4fe5-acb1-d9146e2aec04");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Feb 19 2012 11:16:53 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "74d7f0ca-c34a-4dc7-bac1-18938c4d11a7");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.antikiller/AntiGame.UNI49_DETimeZoneDelta", 0);
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1328102222);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "hochschule%20lausitz||sparkasse%20spree%20nei%C3%9Fe||Media%20Wikipedia||w||schwacke%20liste%20kostenlos||h7%20lampen%20xenon||renault%20megane%20lampenwechsel||0900%2[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 49);
Line Deleted : user_pref("icqtoolbar.installTime", "1308379375");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "0");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "3.6.26");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "130835744713083576721308379375577");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1328360669);
Line Deleted : user_pref("icqtoolbar.version", "1.1.9");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{A60C210B-1215-44D3-9020-0BCDC278B6E7}");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={A60C210B-1215-44D3-9020-0BCDC278B6E7}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.4.0.0");

-\\ Google Chrome v13.0.782.220

[ File : C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [27797 octets] - [29/08/2013 01:34:12]
AdwCleaner[S0].txt - [24633 octets] - [29/08/2013 01:38:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24694 octets] ##########

I'll try to run the FRST scan shortly and post it below. While searching for FRST on the computer I just came across a program that I must have downloaded along with it, ERDNT? I ran it and rebooted, and lo and behold, the system runs again: I can get into the Control Panel and all the "usual" programs start correctly again, but now Avast no longer works. Anyway, I'm attaching the FRST log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by dy (administrator) on 29-08-2013 10:20:04
Running from C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Belkin International, Inc.) C:\Programme\Belkin\BelkinWCUI.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [172544 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-31] (SUPERAntiSpyware.com)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [17878704 2012-11-09] (Skype Technologies S.A.)
MountPoints2: {b6c26ac1-5413-11de-a846-806d6172696f} - E:\autorun.exe /AUTORUN
MountPoints2: {c35bbc30-b3e4-11e1-b09f-00219710b2aa} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NB-06.vbs
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Dienstprogramm für kabellose Netzwerke.lnk
ShortcutTarget: Belkin Dienstprogramm für kabellose Netzwerke.lnk -> C:\Programme\Belkin\BelkinWCUI.exe (Belkin International, Inc.)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=hp&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=ds&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - D:\Programme\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxGame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\foxgame2@foxgame.org
FF Extension: Lavasoft Search Plugin - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: StOgame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\StOgame@stogame.net
FF Extension: BBCodeXtra - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] D:\Programme\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programme\Fiddler2\FiddlerHook
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (qvo6) - hxxp://www.google.com
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\13.0.782.220\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Programme\Google\Chrome\Application\13.0.782.220\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Programme\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Lightning Newtab) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (AT_DJTiesto) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR StartMenuInternet: Google Chrome - C:\Programme\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programme\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144 2012-02-27] (Apple Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-02-19] ()
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S4 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.)
S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.)
S4 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2010-05-02] (Google)
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821608 2012-03-06] (Apple Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-19] (Mozilla Foundation)
R2 NitroReaderDriverReadSpool2; C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196904 2011-12-20] (Nitro PDF Software)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2003-04-02] (Microsoft Corporation)
S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-10-19] (Skype Technologies)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S2 WsysSvc; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe\eGdpSvc.exe [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2010-01-29] (Cisco Systems, Inc.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2003-04-02] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2003-04-02] (Microsoft Corporation)
S3 PCANDIS5; C:\WINDOWS\System32\PCANDIS5.SYS [17134 2002-05-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [637952 2008-10-01] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1270872 2007-12-14] (IDT, Inc.)
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S0 Lbd; System32\DRIVERS\Lbd.sys [x]
S3 PRISM_A02; System32\DRIVERS\PRISMA02.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-29 10:09 - 2013-08-29 10:09 - 00020480 ____H C:\Dokumente und Einstellungen\dy\NTUSER.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00001024 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-08-29 09:12 - 2013-08-29 01:38 - 00024775 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[S0].txt
2013-08-29 09:12 - 2013-08-29 01:34 - 00027797 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[R0].txt
2013-08-29 01:58 - 2013-08-29 01:58 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-29 01:23 - 2013-08-29 10:10 - 00000270 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-29 01:23 - 2013-08-29 01:24 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-29 01:23 - 2013-08-29 01:24 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-29 01:23 - 2013-08-29 01:24 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-29 01:23 - 2013-08-29 01:23 - 00001472 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-29 01:23 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-29 01:23 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-29 01:23 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-08-29 01:23 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-29 01:23 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-29 01:23 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-29 01:23 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 01:22 - 2013-08-29 10:11 - 00000000 ____D C:\Programme\Avast
2013-08-28 09:09 - 2013-08-28 09:09 - 00000000 ____D C:\FRST
2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt
2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log
2013-08-27 20:16 - 2013-08-29 10:09 - 00001610 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-27 17:37 - 2013-08-29 10:10 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-27 17:37 - 2013-08-29 10:10 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-08-27 10:26 - 2013-08-27 14:49 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent
2013-08-19 14:36 - 2013-08-19 16:43 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-09 20:39 - 2013-08-10 10:30 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari

==================== One Month Modified Files and Folders =======

2013-08-29 10:16 - 2010-05-16 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Schreibkram
2013-08-29 10:11 - 2013-08-29 01:22 - 00000000 ____D C:\Programme\Avast
2013-08-29 10:10 - 2013-08-29 01:23 - 00000270 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-29 10:10 - 2013-08-27 17:37 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-29 10:10 - 2013-08-27 17:37 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-29 10:10 - 2010-10-29 00:44 - 00000264 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1965331169-839522115-1005.job
2013-08-29 10:10 - 2009-06-08 11:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-29 10:10 - 2003-04-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-29 10:09 - 2013-08-29 10:09 - 00032768 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00020480 ____H C:\Dokumente und Einstellungen\dy\NTUSER.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00001024 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-08-29 10:09 - 2013-08-27 20:16 - 00001610 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-29 10:09 - 2009-06-08 13:03 - 31719424 _____ C:\WINDOWS\system32\config\software.bak
2013-08-29 10:09 - 2009-06-08 13:03 - 04718592 _____ C:\WINDOWS\system32\config\system.bak
2013-08-29 10:09 - 2009-06-08 13:03 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-08-29 10:09 - 2009-06-08 12:28 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-08-29 10:09 - 2009-06-08 12:04 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-08-29 10:09 - 2009-06-08 12:04 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-08-29 10:09 - 2009-06-08 11:15 - 08126464 _____ C:\Dokumente und Einstellungen\dy\NTUSER.bak
2013-08-29 10:09 - 2009-06-08 11:15 - 00032588 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-29 10:09 - 2009-06-08 11:15 - 00000190 ___SH C:\Dokumente und Einstellungen\dy\ntuser.ini
2013-08-29 10:09 - 2009-06-08 11:15 - 00000000 ____D C:\Dokumente und Einstellungen\dy
2013-08-29 09:32 - 2009-06-08 13:03 - 00000211 ___SH C:\boot.ini
2013-08-29 09:32 - 2003-04-02 14:00 - 00000961 _____ C:\WINDOWS\win.ini
2013-08-29 09:32 - 2003-04-02 14:00 - 00000327 _____ C:\WINDOWS\system.ini
2013-08-29 09:30 - 2012-11-07 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Skype
2013-08-29 01:58 - 2013-08-29 01:58 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-08-29 01:38 - 2013-08-29 09:12 - 00024775 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[S0].txt
2013-08-29 01:38 - 2010-10-27 18:01 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Programme
2013-08-29 01:38 - 2009-06-08 12:05 - 00000000 ___RD C:\Programme
2013-08-29 01:38 - 2009-06-08 11:44 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-08-29 01:34 - 2013-08-29 09:12 - 00027797 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[R0].txt
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-29 01:24 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-29 01:24 - 2013-08-29 01:23 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-29 01:24 - 2013-08-29 01:23 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-29 01:24 - 2013-08-29 01:23 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-29 01:23 - 2013-08-29 01:23 - 00001472 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-29 01:23 - 2009-06-08 12:05 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-08-29 01:23 - 2009-06-08 11:10 - 00002951 _____ C:\WINDOWS\system32\CONFIG.NT
2013-08-28 09:09 - 2013-08-28 09:09 - 00000000 ____D C:\FRST
2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt
2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log
2013-08-27 19:55 - 2009-06-08 11:38 - 00000000 ___SD C:\Dokumente und Einstellungen\dy\UserData
2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-08-27 14:49 - 2013-08-27 10:26 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2
2013-08-27 14:49 - 2010-10-29 00:44 - 00000272 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1965331169-839522115-1005.job
2013-08-27 01:40 - 2012-03-08 13:54 - 00000484 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent
2013-08-25 01:13 - 2009-06-08 11:15 - 00000000 ___RD C:\Dokumente und Einstellungen\dy\Startmenü\Programme
2013-08-22 18:04 - 2012-04-27 17:30 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-19 16:43 - 2013-08-19 14:36 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-16 17:01 - 2012-01-14 17:30 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Hochschule
2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-08-11 13:19 - 2013-02-09 19:19 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2013-08-11 13:19 - 2012-02-19 13:20 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-08-11 13:19 - 2009-06-08 11:11 - 00000000 ____D C:\Programme\Java
2013-08-10 10:30 - 2013-08-09 20:39 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
2013-08-09 20:40 - 2011-10-20 20:56 - 00056740 ____H C:\WINDOWS\system32\mlfcache.dat
2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari
2013-08-09 20:39 - 2011-03-20 11:12 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Apple Computer
2013-08-05 18:08 - 2009-06-08 12:05 - 00964298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-30 12:56 - 2013-06-10 10:58 - 00005120 ____H C:\Dokumente und Einstellungen\dy\Desktop\photothumb.db

Files to move or delete:
====================
C:\DOKUME~1\dy\LOKALE~1\Temp\Quarantine.exe
C:\DOKUME~1\dy\LOKALE~1\Temp\SkypeSetup.exe
C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\3326765_Setup.EXE
C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\cor_ar_201381417179_qvo6.exe
C:\DOKUME~1\dy\LOKALE~1\Temp\is1732802001\wajam_validate.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2003-04-02 14:00] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe [2003-05-22 17:47] - [2008-04-14 07:53] - 0109056 ____A (Microsoft
Corporation) 4bb6a83640f1d1792ad21ce767b621c6 C:\Windows\System32\User32.dll [2003-04-02 14:00] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2003-04-02 14:00] - [2008-04-14 07:22] - 0053760 ___AC (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ --- --- --- --- --- --- hier noch die Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by dy at 2013-08-29 10:31:46
Running from C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Age of Mythology
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI - Dienstprogramm zur Deinstallation der Software (Version: 6.14.10.1020)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.008.0225.2152)
ATI Display Driver (Version: 8.471-080225a1-059746C-ATI)
ATI Parental Control & Encoder (Version: 3.0)
Belkin Wireless USB Adapter Setup (Version: 2.20)
Bonjour (Version: 3.0.0.10)
Bounty Bay Online (Version: 0.44)
Catalyst Control Center Core Implementation (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full Existing (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full New (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Light (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Previews Common (Version: 2008.0225.2153.39091)
CCC Help English (Version: 2008.0225.2152.39091)
ccc-core-preinstall (Version: 2008.0225.2153.39091)
ccc-core-static (Version: 2008.0225.2153.39091)
ccc-utility (Version: 2008.0225.2153.39091)
CCleaner (Version: 3.15)
ClipGrab 3.2.0.11
Compatibility Pack für 2007 Office System (Version: 12.0.6021.5000)
CSVed 2.1.4 (Version: 2.1.4)
Deus Ex
Die Siedler IV
DivX-Setup (Version: 1.0.0.450)
Fiddler (Version: 2.4.5.0)
Free FLV Converter V 6.98.0 (Version: 6.98.0.0)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
GeoGebra (Version: 3.2.46.0)
Giants
GildenIdent 1½ V4.4 (Version: 4.4)
GIMP 2.6.8
Google Chrome (Version: 13.0.782.220)
Google Update Helper (Version: 1.3.21.65)
Google Updater (Version: 2.4.1739.5352)
HdR Die Rückkehr des Königs tm
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ICQ7.5 (Version: 7.5)
IDT Audio (Version: 5.10.5407.0)
IncrediMail (Version: 6.2.6.4878)
iTunes (Version: 10.6.0.40)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Knights Of Honor (Version: 1.00)
LG PC Suite III (Version: 1.0.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works 2000 (Version: 1.0.0.0000)
Microsoft Works 2000-Setup-Start
mIRC (Version: 6.35)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML4 Parser (Version: 1.0.0)
Nitro PDF Reader 2 (Version: 2.1.1.3)
Notepad++ (Version: 5.8.7)
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU Version: 2.27)
Photo Transport (Version: 1.0.1)
PhotoScape
PlanMaker Viewer
QuickTime (Version: 7.70.80.34)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Safari (Version: 5.34.57.2)
Siedler3
Skins (Version: 2008.0225.2153.39091)
Skype™ 6.0 (Version: 6.0.126)
SUPERAntiSpyware (Version: 5.0.1144)
SweetIM for Messenger 3.6 (Version: 3.6.0007)
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Voyage Century Online (Version: 0.99)
WebFldrs XP (Version: 9.50.6513)
Windows XP Service Pack 3 (Version: 20080414.031514)
WinRAR
Word in Works Suite-Add-In (Version: 1.0.0.0000)

==================== Restore Points =========================

==================== Hosts content: ==========================
2003-04-02 14:00 - 2003-04-02 14:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programme\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Programme\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1965331169-839522115-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1965331169-839522115-1005.job => C:\Programme\Real\RealUpgrade\realupgrade.exe

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2013 01:20:19 AM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (08/29/2013 01:20:19 AM) (Source: crypt32) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (08/28/2013 00:23:22 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung giants.exe, Version 0.0.0.0, fehlgeschlagenes Modul giants.exe, Version 0.0.0.0, Fehleradresse 0x00005d3a. Das medienspezifische Ereignis für [giants.exe!ws!] wird verarbeitet.

Error: (08/22/2013 10:03:46 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x00002332. Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet.

Error: (08/10/2013 07:41:00 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung webkit2webprocess.exe, Version 7534.57.2.4, fehlgeschlagenes Modul npswf32_11_7_700_224.dll, Version 11.7.700.224, Fehleradresse 0x001de5f1. Das medienspezifische Ereignis für [webkit2webprocess.exe!ws!] wird verarbeitet.

Error: (08/10/2013 06:03:03 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet.

Error: (07/30/2013 00:54:41 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x00002332. Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet.

Error: (07/30/2013 00:54:18 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung photoscape.exe, Version 1.0.0.1294, fehlgeschlagenes Modul gdiplus.dll, Version 5.1.3102.5512, Fehleradresse 0x000022cd. Das medienspezifische Ereignis für [photoscape.exe!ws!] wird verarbeitet.

Error: (07/15/2013 08:42:37 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet.

Error: (06/01/2013 02:02:29 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung deusex.exe, Version 0.0.0.0, fehlgeschlagenes Modul core.dll, Version 0.0.0.0, Fehleradresse 0x00045630. Das medienspezifische Ereignis für [deusex.exe!ws!] wird verarbeitet.

System errors:
=============
Error: (08/29/2013 10:10:43 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 10:10:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (08/29/2013 09:37:18 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 09:33:35 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 09:31:00 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 09:10:24 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 09:06:20 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 01:55:03 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/29/2013 01:40:32 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Error: (08/28/2013 11:41:27 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 1791.23 MB
Available physical RAM: 919.12 MB
Total Pagefile: 3686.15 MB
Available Pagefile: 2474.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.18 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:75.19 GB) (Free:25.55 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:195.31 GB) (Free:160.27 GB) NTFS
Drive e: (GIANTS1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 93B693B6)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=391 GB) - (Type=OF Extended)

==================== End Of Log ============================

Edited by Dy23 (29.08.2013 at 09:06) Reason: R0 not complete |
29.08.2013, 09:49 | #6 |
/// TB Trainer | Trojan Agent Gen-BHO/ PUP.Optional.Lyrixeeker/ donedrive.net bug message
Hello,
with ERDNT you have reset your registry to an earlier state (that is a backup tool which comes with our programs to back up the registry in case something goes wrong). Uninstall avast completely and install it again.
Step 1
Please close your protection software to avoid possible conflicts.
Step 2
Run FRST once more.
Please post in your next reply:
29.08.2013, 12:23 | #7 |
| Trojan Agent Gen-BHO/ PUP.Optional.Lyrixeeker/ donedrive.net bug message
Ah, great, so my dangerous half-knowledge was good for something after all. Avast is back up and running without problems so far. JRT has run through:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Microsoft Windows XP x86
Ran by dy on 29.08.2013 at 13:01:32,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-220523388-1965331169-839522115-1005\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sim-packages
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2724386
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\mozilla\firefox\profiles\12wmmxpn.default\minidumps [8 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 13:04:36,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by dy (administrator) on 29-08-2013 13:07:44
Running from C:\Dokumente und Einstellungen\dy\Eigene Dateien\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\avastUI.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Belkin International, Inc.) C:\Programme\Belkin\BelkinWCUI.exe
(SUPERAntiSpyware.com) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Nitro PDF Software) C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVAST Software) C:\Programme\AVAST Software\Avast\setup\avast.setup
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [172544 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avast] - C:\Programme\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-31] (SUPERAntiSpyware.com)
HKCU\...\Run: [Skype] - C:\Programme\Skype\Phone\Skype.exe [17878704 2012-11-09] (Skype Technologies S.A.)
MountPoints2: {c35bbc30-b3e4-11e1-b09f-00219710b2aa} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NB-06.vbs
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Dienstprogramm für kabellose Netzwerke.lnk
ShortcutTarget: Belkin Dienstprogramm für kabellose Netzwerke.lnk -> C:\Programme\Belkin\BelkinWCUI.exe (Belkin International, Inc.)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - D:\Programme\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - D:\Programme\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxGame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\foxgame2@foxgame.org
FF Extension: StOgame - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\StOgame@stogame.net
FF Extension: BBCodeXtra - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Mozilla\Firefox\Profiles\12wmmxpn.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] D:\Programme\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - D:\Programme\Fiddler2\FiddlerHook
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\AVAST Software\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (qvo6) - hxxp://www.google.com
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\13.0.782.220\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Programme\Google\Chrome\Application\13.0.782.220\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\13.0.782.220\gcswf32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Programme\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Programme\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Programme\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programme\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programme\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Updater) - C:\Programme\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Lightning Newtab) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (AT_DJTiesto) - C:\DOKUME~1\dy\LOKALE~1\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Dokumente und Einstellungen\dy\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR StartMenuInternet: Google Chrome - C:\Programme\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761

========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Programme\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144 2012-02-27] (Apple Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-02-19] ()
R2 avast!
Antivirus; C:\Programme\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.) S4 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.) S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-04-25] (Google Inc.) S4 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2010-05-02] (Google) R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [821608 2012-03-06] (Apple Inc.) S2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-19] (Mozilla Foundation) R2 NitroReaderDriverReadSpool2; C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [196904 2011-12-20] (Nitro PDF Software) R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2003-04-02] (Microsoft Corporation) S3 odserv; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-10-19] (Skype Technologies) S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x] S4 HidServ; %SystemRoot%\System32\hidserv.dll [x] R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys 
[21361 2010-01-29] (Cisco Systems, Inc.) R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-29] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation) R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2003-04-02] (Microsoft Corporation) R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2003-04-02] (Microsoft Corporation) S3 PCANDIS5; C:\WINDOWS\System32\PCANDIS5.SYS [17134 2002-05-02] (Printing Communications Assoc., Inc. (PCAUSA)) R3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [637952 2008-10-01] (Ralink Technology, Corp.) R1 SASDIFSV; C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1270872 2007-12-14] (IDT, Inc.) 
S4 IntelIde; No ImagePath S3 Lavasoft Kernexplorer; \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys [x] S0 Lbd; System32\DRIVERS\Lbd.sys [x] S3 PRISM_A02; System32\DRIVERS\PRISMA02.sys [x] S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x] S3 usbbus; system32\DRIVERS\lgusbbus.sys [x] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-29 13:01 - 2013-08-29 13:01 - 00000000 ____D C:\WINDOWS\ERUNT 2013-08-29 12:14 - 2013-08-29 12:57 - 00000324 _____ C:\WINDOWS\WindowsUpdate.log 2013-08-29 12:09 - 2013-08-29 12:58 - 00000300 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-08-29 12:09 - 2013-08-29 12:10 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-29 12:09 - 2013-08-29 12:10 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-29 12:09 - 2013-08-29 12:10 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-29 12:09 - 2013-08-29 12:09 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! 
Free Antivirus.lnk 2013-08-29 12:09 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-29 12:09 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-29 12:09 - 2013-05-09 10:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2013-08-29 12:09 - 2013-05-09 10:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-29 12:09 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-29 12:09 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 12:08 - 2013-08-29 12:08 - 00000000 ____D C:\Programme\AVAST Software 2013-08-29 10:09 - 2013-08-29 10:09 - 00032768 ____H C:\WINDOWS\system32\config\software.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00020480 ____H C:\Dokumente und Einstellungen\dy\NTUSER.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00001024 ____H C:\WINDOWS\system32\config\system.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG 2013-08-29 09:12 - 2013-08-29 01:38 - 00024775 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[S0].txt 2013-08-29 09:12 - 2013-08-29 01:34 - 00027797 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[R0].txt 2013-08-29 01:58 - 2013-08-29 01:58 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2013-08-29 01:24 - 2013-08-29 12:10 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-08-29 01:24 - 2013-08-29 12:10 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-08-29 01:24 - 2013-08-29 12:10 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-08-29 01:23 - 2013-05-09 10:58 - 00229648 _____ 
(AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-28 09:09 - 2013-08-28 09:09 - 00000000 ____D C:\FRST 2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt 2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log 2013-08-27 17:37 - 2013-08-29 12:58 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-08-27 17:37 - 2013-08-29 12:58 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log 2013-08-27 10:26 - 2013-08-27 14:49 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2 2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent 2013-08-19 14:36 - 2013-08-19 16:43 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-08-09 20:39 - 2013-08-10 10:30 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk 2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari ==================== One Month Modified Files and Folders ======= 2013-08-29 13:04 - 2013-08-29 13:04 - 00004714 _____ C:\Dokumente und Einstellungen\dy\Desktop\JRT.txt 2013-08-29 13:01 - 2013-08-29 13:01 - 00000000 ____D C:\WINDOWS\ERUNT 2013-08-29 12:58 - 2013-08-29 12:09 - 
00000300 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2013-08-29 12:58 - 2013-08-27 17:37 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-08-29 12:58 - 2013-08-27 17:37 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-08-29 12:58 - 2010-10-29 00:44 - 00000264 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1965331169-839522115-1005.job 2013-08-29 12:58 - 2009-06-08 11:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-08-29 12:57 - 2013-08-29 12:14 - 00000324 _____ C:\WINDOWS\WindowsUpdate.log 2013-08-29 12:57 - 2009-06-08 12:28 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2013-08-29 12:57 - 2009-06-08 11:15 - 00032588 _____ C:\WINDOWS\SchedLgU.Txt 2013-08-29 12:57 - 2009-06-08 11:15 - 00000190 ___SH C:\Dokumente und Einstellungen\dy\ntuser.ini 2013-08-29 12:10 - 2013-08-29 12:09 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-29 12:10 - 2013-08-29 12:09 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-29 12:10 - 2013-08-29 12:09 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-29 12:10 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum 2013-08-29 12:10 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum 2013-08-29 12:10 - 2013-08-29 01:24 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum 2013-08-29 12:09 - 2013-08-29 12:09 - 00001653 _____ C:\Dokumente und Einstellungen\All Users\Desktop\avast! 
Free Antivirus.lnk 2013-08-29 12:09 - 2009-06-08 12:05 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared 2013-08-29 12:09 - 2009-06-08 11:10 - 00002951 _____ C:\WINDOWS\system32\CONFIG.NT 2013-08-29 12:08 - 2013-08-29 12:08 - 00000000 ____D C:\Programme\AVAST Software 2013-08-29 12:08 - 2009-06-08 12:05 - 00000000 ___RD C:\Programme 2013-08-29 11:58 - 2009-06-08 11:38 - 00000000 ___SD C:\Dokumente und Einstellungen\dy\UserData 2013-08-29 11:58 - 2009-06-08 11:15 - 00000000 ____D C:\Dokumente und Einstellungen\dy 2013-08-29 10:16 - 2010-05-16 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Schreibkram 2013-08-29 10:10 - 2003-04-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2013-08-29 10:09 - 2013-08-29 10:09 - 00032768 ____H C:\WINDOWS\system32\config\software.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00020480 ____H C:\Dokumente und Einstellungen\dy\NTUSER.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00001024 ____H C:\WINDOWS\system32\config\system.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG 2013-08-29 10:09 - 2013-08-29 10:09 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG 2013-08-29 10:09 - 2009-06-08 13:03 - 31719424 _____ C:\WINDOWS\system32\config\software.bak 2013-08-29 10:09 - 2009-06-08 13:03 - 04718592 _____ C:\WINDOWS\system32\config\system.bak 2013-08-29 10:09 - 2009-06-08 13:03 - 00524288 _____ C:\WINDOWS\system32\config\default.bak 2013-08-29 10:09 - 2009-06-08 12:04 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak 2013-08-29 10:09 - 2009-06-08 12:04 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak 2013-08-29 10:09 - 2009-06-08 11:15 - 08126464 _____ C:\Dokumente und Einstellungen\dy\NTUSER.bak 2013-08-29 09:32 - 2009-06-08 13:03 - 00000211 ___SH C:\boot.ini 2013-08-29 09:32 - 2003-04-02 14:00 - 00000961 _____ C:\WINDOWS\win.ini 
2013-08-29 09:32 - 2003-04-02 14:00 - 00000327 _____ C:\WINDOWS\system.ini 2013-08-29 09:30 - 2012-11-07 22:50 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Skype 2013-08-29 01:58 - 2013-08-29 01:58 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2013-08-29 01:38 - 2013-08-29 09:12 - 00024775 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[S0].txt 2013-08-29 01:38 - 2010-10-27 18:01 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Desktop\Programme 2013-08-29 01:38 - 2009-06-08 11:44 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2013-08-29 01:34 - 2013-08-29 09:12 - 00027797 _____ C:\Dokumente und Einstellungen\dy\Desktop\AdwCleaner[R0].txt 2013-08-28 09:09 - 2013-08-28 09:09 - 00000000 ____D C:\FRST 2013-08-27 22:03 - 2013-08-27 22:03 - 00008244 _____ C:\Dokumente und Einstellungen\dy\Desktop\install.txt 2013-08-27 21:43 - 2013-08-27 21:43 - 00000611 _____ C:\Dokumente und Einstellungen\dy\Desktop\SUPERAntiSpyware Scan Log - 08-27-2013 - 21-03-58.log 2013-08-27 17:37 - 2013-08-27 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log 2013-08-27 14:49 - 2013-08-27 10:26 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Eigene Dateien\Fiddler2 2013-08-27 14:49 - 2010-10-29 00:44 - 00000272 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1965331169-839522115-1005.job 2013-08-27 01:40 - 2012-03-08 13:54 - 00000484 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job 2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Startmenü\Programme\GildenIdent 2013-08-25 01:13 - 2009-06-08 11:15 - 00000000 ___RD C:\Dokumente und Einstellungen\dy\Startmenü\Programme 2013-08-22 18:04 - 2012-04-27 17:30 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-08-19 16:43 - 2013-08-19 14:36 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-08-16 17:01 - 2012-01-14 17:30 - 00000000 ____D C:\Dokumente und 
Einstellungen\dy\Desktop\Hochschule 2013-08-11 13:19 - 2013-08-11 13:19 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-08-11 13:19 - 2013-08-11 13:19 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-08-11 13:19 - 2013-08-11 13:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-08-11 13:19 - 2013-08-11 13:19 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-08-11 13:19 - 2013-02-09 19:19 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll 2013-08-11 13:19 - 2012-02-19 13:20 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-08-11 13:19 - 2009-06-08 11:11 - 00000000 ____D C:\Programme\Java 2013-08-10 10:30 - 2013-08-09 20:39 - 00002163 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk 2013-08-09 20:40 - 2011-10-20 20:56 - 00056740 ____H C:\WINDOWS\system32\mlfcache.dat 2013-08-09 20:39 - 2013-08-09 20:39 - 00000000 ____D C:\Programme\Safari 2013-08-09 20:39 - 2011-03-20 11:12 - 00000000 ____D C:\Dokumente und Einstellungen\dy\Anwendungsdaten\Apple Computer 2013-08-05 18:08 - 2009-06-08 12:05 - 00964298 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-30 12:56 - 2013-06-10 10:58 - 00005120 ____H C:\Dokumente und Einstellungen\dy\Desktop\photothumb.db Files to move or delete: ==================== C:\DOKUME~1\dy\LOKALE~1\Temp\Quarantine.exe C:\DOKUME~1\dy\LOKALE~1\Temp\SkypeSetup.exe C:\DOKUME~1\dy\LOKALE~1\Temp\jrt\erunt\ERUNT.EXE C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\aswCmnBS.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\aswCmnIS.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\aswCmnOS.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCUCmnRes.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1025.dll 
C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1026.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1027.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1028.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1029.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1030.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1031.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1032.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1033.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1035.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1036.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1037.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1038.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1040.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1041.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1042.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1043.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1044.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1045.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1046.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1048.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1049.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1050.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1051.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1053.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1054.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1055.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1056.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1057.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1058.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1059.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1060.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1061.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1062.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1065.dll 
C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1066.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1081.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1086.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1093.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_1909.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_2052.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_2070.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_2074.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BCULangRes_3082.dll C:\DOKUME~1\dy\LOKALE~1\Temp\7zS5.tmp\BrowserCleanup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2003-04-02 14:00] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2003-05-22 17:47] - [2008-04-14 07:53] - 0109056 ____A (Microsoft Corporation) 4bb6a83640f1d1792ad21ce767b621c6 C:\Windows\System32\User32.dll [2003-04-02 14:00] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2003-04-02 14:00] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2003-04-02 14:00] - [2008-04-14 07:22] - 0053760 ___AC (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ |
29.08.2013, 12:29 | #8 |
/// TB-Ausbilder | Good. How is the computer running now? Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Please post in your next reply:
__________________ cheers, Leo |
29.08.2013, 14:41 | #9 |
| The computer runs normally again; it boots in a reasonable time, and I can access everything again without problems. I just have two more questions about Avast! Occasionally a popup appears asking me to install a Google plugin (I think Internet Security). I set or cleared the checkboxes everywhere according to the description, except during the installation, where the item "Secureline" was listed; I found nothing about that in the description. Are the two related? Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by dy at 2013-08-29 13:37:43 Run:1
Running from C:\Dokumente und Einstellungen\dy\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=&utm_content=sc&from=cor&uid=HitachiXHDP725050GLA360_GEA534RJ0KR7MA0KR7MAX&ts=1377613761
*****************
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1880a320b4f6b45bf0fafe1fcd06cc6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-20 03:02:19
# local_time=2012-02-20 04:02:19 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 61902125 61902125 0 0
# compatibility_mode=8192 67108863 100 0 4981 4981 0 0
# scanned=123546
# found=0
# cleaned=0
# scan_time=2931
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c1880a320b4f6b45bf0fafe1fcd06cc6
# engine=14941
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-29 01:27:01
# local_time=2013-08-29 03:27:01 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 88 11779 154492693 0 0
# scanned=191550
# found=0
# cleaned=0
# scan_time=4720 |
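An added check, not part of this thread and not FRST's own code, for the kind of entry fixed in the two posts above: it reads StartMenuInternet lines in FRST's format, flags those where a URL was appended to the browser's open command (the qvo6 hijack), names the HKLM\...\shell\open\command value that the fix restores, and emits the lines as they would go into Fixlist.txt. The sample lines are constructed after the log in this thread; the OPERA.EXE entry is made up as a clean control.

```python
import re
from typing import Iterable, List, NamedTuple

# Constructed sample lines in FRST's format, modelled on the log in this thread.
# FRST prints URLs defanged (hxxp). The OPERA.EXE line is a made-up clean entry.
SAMPLE_FRST_LINES = [
    r"FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor",
    r"StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor",
    r"CHR StartMenuInternet: Google Chrome - C:\Programme\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b",
    r"StartMenuInternet: OPERA.EXE - C:\Programme\Opera\opera.exe",
    r"FF Homepage: about:home",
]

# "[FF|CHR] StartMenuInternet: <client name> - <shell\open\command value>"
LINE_RE = re.compile(
    r"^(?:(?:FF|CHR)\s+)?StartMenuInternet:\s+(?P<name>.+?)\s+-\s+(?P<command>.+)$"
)
# The legitimate command is just the executable; anything after ".exe" is an extra argument.
CMD_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>\S.*))?$", re.IGNORECASE)
# Defanged (hxxp) or plain URL inside the argument part.
URL_RE = re.compile(r"(?:hxxps?|https?)://(?P<host>[^/?#\s]+)\S*", re.IGNORECASE)

# Registry value FRST restored in the fixlog above (key name = client name).
REG_KEY_TEMPLATE = r"HKLM\SOFTWARE\Clients\StartMenuInternet\{}\shell\open\command"


class Finding(NamedTuple):
    name: str          # client name as registered under StartMenuInternet
    exe: str           # legitimate executable path
    url: str           # URL appended to the open command
    host: str          # hostname of that URL, for reporting
    registry_key: str  # value the fix restores
    fixlist_line: str  # the FRST line verbatim, which is what goes into Fixlist.txt


def analyze_start_menu_internet(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per StartMenuInternet entry whose command carries a URL."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # not a StartMenuInternet line
        cmd = CMD_RE.match(m.group("command"))
        if not cmd or not cmd.group("args"):
            continue  # only the executable: nothing appended, entry is clean
        url = URL_RE.search(cmd.group("args"))
        if not url:
            continue  # some other argument; not the homepage-hijack pattern seen here
        name = m.group("name")
        findings.append(Finding(
            name=name,
            exe=cmd.group("exe"),
            url=url.group(0),
            host=url.group("host").lower(),
            registry_key=REG_KEY_TEMPLATE.format(name),
            fixlist_line=line,
        ))
    return findings


def build_fixlist(lines: Iterable[str]) -> str:
    """Fixlist.txt content: the flagged FRST lines copied verbatim, one per line."""
    return "\n".join(f.fixlist_line for f in analyze_start_menu_internet(lines))


if __name__ == "__main__":
    for f in analyze_start_menu_internet(SAMPLE_FRST_LINES):
        print(f"{f.name}: {f.exe} launched with {f.host} appended -> restore {f.registry_key}")
    print("--- Fixlist.txt ---")
    print(build_fixlist(SAMPLE_FRST_LINES))
```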
29.08.2013, 14:49 | #10 |
/// TB-Ausbilder | Good, then let's clean up here. I can't answer the avast question offhand. Perhaps someone in the subforum Antiviren-, Firewall- und andere Schutzprogramme - Trojaner-Board knows. Cleanup Finally, we will now remove our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are still important and should be carried out in the order given.
We're done; your logs look clean to me at the moment. I've put together a few notes and tips below that should help ensure you won't need our help again in the future. Afterwards, please give me a short reply once there are no more problems or questions on your side, so that I can consider this topic resolved. Epilogue: Tips, Dos & Don'ts Keeping system and software up to date The Windows operating system must always be up to date, without exception. Make sure automatic updates are enabled:
Installed software should also always be at the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download on a mere visit to a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
Security software A remark up front: every software solution has its weaknesses. Shifting all responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the one most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer, for example, you can use Mozilla Firefox, for which there are two useful add-ons worth recommending:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that need not mean anything.
Attempts are also often made, with more or less tricky methods, to get the user to carry out a fateful action himself (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along the way by the user himself.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________ cheers, Leo |
29.08.2013, 20:51 | #11 |
| Everything's fine on my side then. Many thanks for your help!! The topic can be closed. |
29.08.2013, 22:42 | #12 |
/// TB-Ausbilder | Thanks for the feedback. Glad we could help. If you'd like to give the forum suggestions for improvement, criticism or praise, you can do so here. This topic appears resolved and will be removed from my subscriptions. I will therefore no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we'll continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |