Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ständig Weiterleitung auf unerwünschte Werbeseiten (https://www.trojaner-board.de/119605-staendig-weiterleitung-unerwuenschte-werbeseiten.html)

bettrett 16.07.2012 07:10
Ständig Weiterleitung auf unerwünschte Werbeseiten
 
Hallo zusammen,

ich habe folgendes Problem: Seit ein paar Tagen werde ich beim Internet Explorer auf Werbeseiten weitergeleitet. Dieses passiert meistens, wenn ich etwas lese und auf die nächste Seite klicken möchte oder einen Artikel lesen möchte.
Es erscheint oben vor der weiterleitung die Internetadresse z.B "benathome", leider bin ich nicht schnell genung, mir die Adressen aufzuschreiben. Danach lande ich auf Otto.de oder bei Ebay.

Avira und Adaware habe ich schon zig mal durchlaufen lassen, aber es wird keine Virus oder ähnliches angezeigt.

Ich hoffe ihr könnt mir helfen

Gruss bettina

Chris4You 16.07.2012 11:18
Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

AdwareCleaner (AdwCleaner)
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!
Poste die Logfiles in Code-Tags
Download über AdwCleaner by Xplode zum Desktop.
http://www.imgdumper.nl/uploads5/4fd...Cleaner_00.jpg
Starte AdwCleaner und klicke Search
Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum.

chris

bettrett 16.07.2012 18:28
Hallo, vielen Dank, ich hoffe so ist es richtig gepostet:

# AdwCleaner v1.702 - Logfile created 07/16/2012 at 19:18:59
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : betti - BETTI-PC
# Running from : C:\Users\betti\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\betti\AppData\Local\Conduit
Folder Found : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Found : C:\Users\betti\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\betti\AppData\LocalLow\Conduit
Folder Found : C:\Users\betti\AppData\LocalLow\pdfforge
Folder Found : C:\Users\betti\AppData\LocalLow\PriceGong
Folder Found : C:\Users\betti\AppData\LocalLow\Search Settings
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\pdfforge Toolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.6 (de)

Profile name : default
File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js

Found : user_pref("CT2431245..clientLogIsEnabled", true);
Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "20-5-2011");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 488);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200");

der zweite log :OTL Logfile:
Code:
OTL logfile created on: 16.07.2012 07:56:55 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\betti\Pictures\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,43% Memory free
7,93 Gb Paging File | 5,85 Gb Available in Paging File | 73,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 226,18 Gb Free Space | 50,24% Space Free | Partition Type: NTFS
Drive E: | 523,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BETTI-PC | User Name: betti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.16 07:56:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\betti\Pictures\Downloads\OTL.exe
PRC - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe
PRC - [2012.05.23 19:02:16 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.05.23 19:02:15 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012.05.08 22:32:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:32:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:32:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.09.15 11:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
PRC - [2009.10.29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
PRC - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 02:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.18 09:38:18 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.11 08:10:17 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe
MOD - [2012.07.16 07:36:58 | 000,018,432 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\Tools.dll
MOD - [2012.06.17 11:37:25 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll
MOD - [2012.06.15 22:19:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.15 22:18:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.15 22:18:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.12 10:25:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.12 10:25:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.12 10:25:19 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.12 10:25:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
MOD - [2009.10.02 14:02:56 | 000,246,800 | ---- | M] () -- c:\PROGRA~2\mcafee\msk\mskapbho.dll
MOD - [2009.06.11 08:10:17 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 14:04:22 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.06.26 04:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 04:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008.06.26 04:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.23 19:02:15 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.08 22:32:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:32:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.11.04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.10.29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.10.28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.10.27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.10.02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.18 22:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.03.27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 22:32:46 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:32:46 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.04.16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.08.14 16:54:54 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.21 08:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.26 22:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.24 23:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009.03.25 13:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2011.12.29 20:52:30 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.02 08:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.05 19:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.27 22:30:05 | 000,000,000 | ---D | M]
 
[2010.07.04 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Extensions
[2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions
[2010.09.16 22:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.06 18:42:10 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.06 18:42:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com
[2011.05.21 13:15:52 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@plasmoo.com
[2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.11 23:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.24 12:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 22:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011.10.19 11:01:51 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 94.228.209.244 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 94.228.209.244 ad-emea.doubleclick.net.
O1 - Hosts: 94.228.209.244 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O1 - Hosts: 178.250.45.15 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [WAREHaus easy] C:\Program Files (x86)\Nebenkosten easy\UDT2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A0BA60-C2F9-4CE3-BE13-CEDD9A476836}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 40.0.0.1 40.0.0.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (EsqehqoDbedb.dll) -  File not found
O29 - HKLM SecurityProviders - (EsqehqoDbedb.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.09 15:12:24 | 000,000,103 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AnnoFinder.exe -- [2003.10.09 16:09:22 | 000,036,864 | R--- | M] ()
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\Setup\command - "" = E:\setup.exe -- [2002.12.02 15:33:00 | 000,107,512 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.16 07:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 07:59:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 07:55:06 | 000,000,000 | ---- | M] () -- C:\Users\betti\defogger_reenable
[2012.07.16 07:44:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 07:44:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 07:39:34 | 000,039,566 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.07.16 07:36:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 07:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 07:36:14 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012.07.14 23:06:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.14 23:06:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.11 03:31:05 | 005,107,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 23:02:42 | 000,138,100 | ---- | M] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.16 07:55:06 | 000,000,000 | ---- | C] () -- C:\Users\betti\defogger_reenable
[2012.07.03 23:02:41 | 000,138,100 | ---- | C] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf
[2012.01.21 22:44:15 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Local\{B15CD112-9CEC-4C3F-9579-841D251F031C}
[2011.12.29 20:52:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.29 20:52:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.12.13 08:51:27 | 000,000,132 | ---- | C] () -- C:\Windows\medigraf.INI
[2011.03.19 19:45:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.03.06 18:51:56 | 000,000,929 | ---- | C] () -- C:\Users\betti\.recently-used.xbel
[2010.12.06 20:34:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.06 20:34:23 | 000,011,129 | ---- | C] () -- C:\Users\betti\AppData\Roaming\SmarThruOptions.xml
[2010.12.06 20:34:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.12.06 20:34:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.12.06 20:33:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.12.06 20:33:43 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.12.06 20:31:22 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010.11.01 14:34:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.08.22 16:09:07 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\chrtmp
[2010.07.06 19:31:48 | 000,007,680 | ---- | C] () -- C:\Users\betti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 21:18:44 | 000,566,427 | ---- | C] () -- C:\Users\betti\.pdf.pdf
[2010.02.14 00:52:34 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2010.06.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Canon
[2011.08.14 13:14:58 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.11 14:51:23 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.19 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\DVDVideoSoft
[2011.05.21 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.11 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\EPSON
[2010.02.14 00:57:00 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\eSobi
[2011.03.06 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\gtk-2.0
[2011.03.21 11:45:31 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\innoPlus
[2011.10.07 19:52:03 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Jens Lorek
[2012.01.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Lexware
[2012.05.28 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\MAGIX
[2010.12.06 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\SmarThru4
[2010.05.09 01:46:57 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\SoftDMA
[2011.08.14 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.28 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Template
[2012.07.02 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\VSO
[2010.08.02 07:52:30 | 000,000,000 | ---D | M] -- C:\Users\betti\AppData\Roaming\Windows Live Writer
[2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012.04.01 01:00:09 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.05.18 07:26:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >
--- --- ---

der dritte dauert noch einen moment, vielleicht hilft das ja shcon ein wenig weiter. DANKE

und hier das letzte:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.16.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
betti :: BETTI-PC [Administrator]

Schutz: Aktiviert

16.07.2012 19:14:37
mbam-log-2012-07-16 (22-29-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469756
Laufzeit: 2 Stunde(n), 42 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_magix-video-deluxe-mx.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

ich hoffe es ist noch was zu retten...

Danke lg Betti

und hier das letzte:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.16.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
betti :: BETTI-PC [Administrator]

Schutz: Aktiviert

16.07.2012 19:14:37
mbam-log-2012-07-16 (22-29-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469756
Laufzeit: 2 Stunde(n), 42 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\betti\Pictures\Downloads\SoftonicDownloader_fuer_magix-video-deluxe-mx.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

ich hoffe es ist noch was zu retten...

Danke lg Betti

Chris4You 17.07.2012 06:58
Hi,

here we go...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\Windows\Wiainst.exe
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
MOD - [2012.07.16 07:36:58 | 000,132,096 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\udt.exe
MOD - [2012.07.16 07:36:58 | 000,018,432 | ---- | M] () -- C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH138\Tools.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
[2010.12.06 20:31:22 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Falls Adware gefunden wurde:
AdwareCleaner
Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
  • Klicke Delete
  • Klicke bei:AdwCleaner-Information OK
  • Klicke bei:AdwCleaner-Restart Required OK
Alle Icons werden kurzzeitig verschwinden...
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum.

Poste dann noch ein neues OTL-Log...

chris

bettrett 17.07.2012 18:37
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
C:\Windows\Wiainst.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: betti
->Temp folder emptied: 65368046 bytes
->Temporary Internet Files folder emptied: 593030390 bytes
->Java cache emptied: 16590860 bytes
->FireFox cache emptied: 92254326 bytes
->Google Chrome cache emptied: 6337660 bytes
->Flash cache emptied: 57067 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 14113 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349183952 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36052464 bytes
RecycleBin emptied: 8476818892 bytes

Total Files Cleaned = 9.189,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07172012_081000

Files\Folders moved on Reboot...
C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18OJTH9\schlauch-pflege-wie-oft-putzt-ihr-240223-4[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRQEMQ0U\54791-anleitung-uploadchannel-trojaner-board[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[2].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[3].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[4].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\data_sync[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9CWR0NH\data_sync[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[4].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[5].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMNR4YTW\afr[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM1TBPQT\ads[3].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD682KN8\ads[3].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4LGLFST\analysis[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2A8VS0\119605-staendig-weiterleitung-unerwuenschte-werbeseiten[1].htm moved successfully.
File\Folder C:\Windows\temp\mcafee_bmANqlY31Mc7FGl not found!
File\Folder C:\Windows\temp\mcmsc_231dXWyoXIvCESb not found!
File\Folder C:\Windows\temp\mcmsc_96WpFpvq0YGa4xx not found!
File\Folder C:\Windows\temp\mcmsc_oWOLoU5Yr3qvrwM not found!
File\Folder C:\Windows\temp\mcmsc_ZDpaZ48GpsTO3Kw not found!
File\Folder C:\Windows\temp\sqlite_HjjE4hgtiq0qvvF not found!
File\Folder C:\Windows\temp\sqlite_ki97wjr6ovwLdxq not found!
File\Folder C:\Windows\temp\sqlite_mNXhR42kPek5NNM not found!
File\Folder C:\Windows\temp\sqlite_UYMiBUKgbRWyNT9 not found!

PendingFileRenameOperations files...
File C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18OJTH9\schlauch-pflege-wie-oft-putzt-ihr-240223-4[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRQEMQ0U\54791-anleitung-uploadchannel-trojaner-board[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[2].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[3].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\afr[4].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH1LL87B\data_sync[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9CWR0NH\data_sync[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[4].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6QJKX1D\ads[5].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMNR4YTW\afr[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM1TBPQT\ads[3].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD682KN8\ads[3].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4LGLFST\analysis[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2A8VS0\119605-staendig-weiterleitung-unerwuenschte-werbeseiten[1].htm not found!
File C:\Windows\temp\mcafee_bmANqlY31Mc7FGl not found!
File C:\Windows\temp\mcmsc_231dXWyoXIvCESb not found!
File C:\Windows\temp\mcmsc_96WpFpvq0YGa4xx not found!
File C:\Windows\temp\mcmsc_oWOLoU5Yr3qvrwM not found!
File C:\Windows\temp\mcmsc_ZDpaZ48GpsTO3Kw not found!
File C:\Windows\temp\sqlite_HjjE4hgtiq0qvvF not found!
File C:\Windows\temp\sqlite_ki97wjr6ovwLdxq not found!
File C:\Windows\temp\sqlite_mNXhR42kPek5NNM not found!
File C:\Windows\temp\sqlite_UYMiBUKgbRWyNT9 not found!

Registry entries deleted on Reboot...

leider hat mich der akku im stich gelassen und von virustotal ist die datei nicht mehr auffindbar.
kann ich da noch was machen?

Ich hoffe so ist es richtig mit dem log.

bettina

hier der log vom adware cleaner.
# AdwCleaner v1.702 - Logfile created 07/17/2012 at 19:41:30
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : betti - BETTI-PC
# Running from : C:\Users\betti\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\betti\AppData\Local\Conduit
Folder Found : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Found : C:\Users\betti\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\betti\AppData\LocalLow\Conduit
Folder Found : C:\Users\betti\AppData\LocalLow\pdfforge
Folder Found : C:\Users\betti\AppData\LocalLow\PriceGong
Folder Found : C:\Users\betti\AppData\LocalLow\Search Settings
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\pdfforge Toolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.6 (de)

Profile name : default
File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js

Found : user_pref("CT2431245..clientLogIsEnabled", true);
Found : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "20-5-2011");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");
Found : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("CT2431245.FeedLastCount129009402595187825", 488);
Found : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri May 20 2011 07:50:27 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri May 20 2011 07:50:29 GMT+0200");
Found : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Found : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2431245.FeedTTL7470634017109031809", 30);
Found : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Found : user_pref("CT2431245.FirstServerDate", "20-5-2011");
Found : user_pref("CT2431245.FirstTime", true);
Found : user_pref("CT2431245.FirstTimeFF3", true);
Found : user_pref("CT2431245.FixPageNotFoundErrors", true);
Found : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2431245.HasUserGlobalKeys", true);
Found : user_pref("CT2431245.Initialize", true);
Found : user_pref("CT2431245.InitializeCommonPrefs", true);
Found : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2431245.InstallationId", "Unknown");
Found : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Found : user_pref("CT2431245.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("CT2431245.InvalidateCache", false);
Found : user_pref("CT2431245.IsGrouping", false);
Found : user_pref("CT2431245.IsMulticommunity", false);
Found : user_pref("CT2431245.IsOpenThankYouPage", false);
Found : user_pref("CT2431245.IsOpenUninstallPage", true);
Found : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200");
Found : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2431245.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("CT2431245.LatestVersion", "3.2.5.2");
Found : user_pref("CT2431245.Locale", "de-de");
Found : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Found : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Found : user_pref("CT2431245.RadioIsPodcast", false);
Found : user_pref("CT2431245.RadioLastCheckTime", "Fri May 20 2011 07:50:28 GMT+0200");
Found : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Found : user_pref("CT2431245.RadioMediaID", "20503672");
Found : user_pref("CT2431245.RadioMediaType", "Media Player");
Found : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Found : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Found : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Found : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2431245.SearchInNewTabEnabled", true);
Found : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200");
Found : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Found : user_pref("CT2431245.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Found : user_pref("CT2431245.SettingsLastUpdate", "1305800360");
Found : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri May 20 2011 07:50:22 GMT+0200");
Found : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2431245.UserID", "UN19394633091674662");
Found : user_pref("CT2431245.WeatherNetwork", "");
Found : user_pref("CT2431245.WeatherPollDate", "Fri May 20 2011 07:50:25 GMT+0200");
Found : user_pref("CT2431245.WeatherUnit", "C");
Found : user_pref("CT2431245.alertChannelId", "825452");
Found : user_pref("CT2431245.backendstorage.for_aoi", "31333035383730363332");
Found : user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C");
Found : user_pref("CT2431245.backendstorage.for_cdtr5", "31333035383730363332");
Found : user_pref("CT2431245.backendstorage.for_cid", "4445");
Found : user_pref("CT2431245.backendstorage.for_ip", "39322E37322E33332E3233");
Found : user_pref("CT2431245.backendstorage.for_lcut", "31333035383730363333");
Found : user_pref("CT2431245.backendstorage.for_pid", "31303130");
Found : user_pref("CT2431245.backendstorage.for_rid", "3037");
Found : user_pref("CT2431245.backendstorage.for_zoneid", "39353933");
Found : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT2431245.myStuffEnabled", true);
Found : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2431245.testingCtid", "");
Found : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63441308206287[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 20 2011 07:50:21 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "f6153b5d-335e-46a4-92db-f95bbe45c270");
Found : user_pref("ConduitEngine.FirstServerDate", "05/20/2011 08");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN50644644229747811");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [20354 octets] - [16/07/2012 19:18:59]
AdwCleaner[R2].txt - [20415 octets] - [16/07/2012 19:20:06]
AdwCleaner[R3].txt - [20375 octets] - [17/07/2012 19:41:30]

########## EOF - C:\AdwCleaner[R3].txt - [20504 octets] ##########

Chris4You 18.07.2012 06:38
Hi,

MAM alle Funde löschen lassen, nie was von Softonic runterladen, die installieren alles möglich gleich mit...

Hast Du alle Funde von Adware wie beschrieben löschen lassen?
AdwareCleaner
Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
  • Klicke Delete
  • Klicke bei:AdwCleaner-Information OK
  • Klicke bei:AdwCleaner-Restart Required OK
Alle Icons werden kurzzeitig verschwinden...
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum.

chris

bettrett 18.07.2012 06:49
Guten Morgen, hier das Logfile.
Habe mit MAM alles löschen lassen. Kann ich das Programm weiter nutzen um den Rechner durchsuchen zu lassen?

Log:

# AdwCleaner v1.702 - Logfile created 07/18/2012 at 07:42:50
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : betti - BETTI-PC
# Running from : C:\Users\betti\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\betti\AppData\Local\Conduit
Folder Deleted : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Deleted : C:\Users\betti\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\betti\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\betti\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\betti\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\betti\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\Conduit
Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\ConduitEngine
Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Deleted : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@conduit.com
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.6 (de)

Profile name : default
File : C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\eldirn3t.default\prefs.js

Deleted : user_pref("CT2431245..clientLogIsEnabled", true);
Deleted : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "20-5-2011");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.DownloadReferralCookieData", "");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 488);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Fri May 20 2011 07:50:27 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Fri May 20 2011 07:50:29 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FeedTTL7470634017109031809", 30);
Deleted : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Deleted : user_pref("CT2431245.FirstServerDate", "20-5-2011");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.HasUserGlobalKeys", true);
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2431245.InstallationId", "Unknown");
Deleted : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Deleted : user_pref("CT2431245.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("CT2431245.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Fri May 20 2011 07:50:28 GMT+0200");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.ServiceMapLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1305800360");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Fri May 20 2011 07:50:22 GMT+0200");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2431245.UserID", "UN19394633091674662");
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Fri May 20 2011 07:50:25 GMT+0200");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.for_aoi", "31333035383730363332");
Deleted : user_pref("CT2431245.backendstorage.for_ccid", "6E756C6C");
Deleted : user_pref("CT2431245.backendstorage.for_cdtr5", "31333035383730363332");
Deleted : user_pref("CT2431245.backendstorage.for_cid", "4445");
Deleted : user_pref("CT2431245.backendstorage.for_ip", "39322E37322E33332E3233");
Deleted : user_pref("CT2431245.backendstorage.for_lcut", "31333035383730363333");
Deleted : user_pref("CT2431245.backendstorage.for_pid", "31303130");
Deleted : user_pref("CT2431245.backendstorage.for_rid", "3037");
Deleted : user_pref("CT2431245.backendstorage.for_zoneid", "39353933");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.testingCtid", "");
Deleted : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Fri May 20 2011 07:50:25 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63441308206287[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2431245");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2431245");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri May 20 2011 07:50:24 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri May 20 2011 07:50:21 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "f6153b5d-335e-46a4-92db-f95bbe45c270");
Deleted : user_pref("ConduitEngine.FirstServerDate", "05/20/2011 08");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri May 20 2011 07:50:22 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN50644644229747811");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri May 20 2011 07:50:23 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [20354 octets] - [16/07/2012 19:18:59]
AdwCleaner[R2].txt - [20415 octets] - [16/07/2012 19:20:06]
AdwCleaner[R3].txt - [20476 octets] - [17/07/2012 19:41:30]
AdwCleaner[S1].txt - [19436 octets] - [18/07/2012 07:42:50]

########## EOF - C:\AdwCleaner[S1].txt - [19565 octets] ##########

Gruss Bettina

Chris4You 18.07.2012 07:01
Hi,

ja Du kannst MAM weiter nutzen, 1x die Woche updaten und dann Scannen lassen.

Erstelle und poste bitte noch ein neues OTL-Logfile...

Wie verhält sich der Rechner?

chris

bettrett 18.07.2012 07:23
Also es scheint wieder normal zu sein. Ich werde nach der Arbeit nochmal in Ruhe prüfen ob ich wieder weitergeleitet werde. Hier der OTL logOTL Logfile:
Code:
OTL logfile created on: 18.07.2012 08:07:09 - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\betti\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,25% Memory free
7,93 Gb Paging File | 5,62 Gb Available in Paging File | 70,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 233,05 Gb Free Space | 51,77% Space Free | Partition Type: NTFS
Drive E: | 523,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BETTI-PC | User Name: betti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe ()
PRC - C:\Users\betti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe ()
MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.02 08:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.05 19:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.27 22:30:05 | 000,000,000 | ---D | M]
 
[2010.07.04 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Extensions
[2012.07.18 07:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions
[2010.09.16 22:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.21 13:15:52 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\betti\AppData\Roaming\mozilla\Firefox\Profiles\eldirn3t.default\extensions\engine@plasmoo.com
[2012.07.15 15:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.11 23:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.24 12:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 22:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2011.10.19 11:01:51 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 94.228.209.244 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 94.228.209.244 ad-emea.doubleclick.net.
O1 - Hosts: 94.228.209.244 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O1 - Hosts: 178.250.45.15 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [WAREHaus easy] C:\Program Files (x86)\Nebenkosten easy\UDT2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\betti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47A0BA60-C2F9-4CE3-BE13-CEDD9A476836}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E49A12-9959-489B-B3D2-2A6E3A19E6AF}: DhcpNameServer = 40.0.0.1 40.0.0.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (EsqehqoDbedb.dll) -  File not found
O29 - HKLM SecurityProviders - (EsqehqoDbedb.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.09 15:12:24 | 000,000,103 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AnnoFinder.exe -- [2003.10.09 16:09:22 | 000,036,864 | R--- | M] ()
O33 - MountPoints2\{53492d6d-9f7b-11de-a983-806e6f6e6963}\Shell\Setup\command - "" = E:\setup.exe -- [2002.12.02 15:33:00 | 000,107,512 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 08:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.16 19:13:19 | 000,000,000 | ---D | C] -- C:\Users\betti\AppData\Roaming\Malwarebytes
[2012.07.16 19:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 19:12:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 19:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 19:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 19:10:37 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\betti\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.16 19:08:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\betti\Desktop\OTL.exe
[2012.07.16 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.16 07:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.11 03:02:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 03:02:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 03:02:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 03:02:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 03:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 03:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 03:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 03:02:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 03:02:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 03:02:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 03:02:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 03:02:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 02:18:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.19 17:24:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 17:24:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 17:24:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 17:24:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 17:24:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 17:24:25 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 17:24:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 17:24:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2009.08.22 08:22:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 07:59:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.18 07:52:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 07:52:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 07:46:44 | 000,039,952 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.07.18 07:44:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 07:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 07:44:25 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 07:24:29 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.18 07:24:29 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.16 19:18:41 | 000,624,883 | ---- | M] () -- C:\Users\betti\Desktop\adwcleaner.exe
[2012.07.16 19:12:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 19:10:45 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\betti\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.16 19:08:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\betti\Desktop\OTL.exe
[2012.07.16 07:55:06 | 000,000,000 | ---- | M] () -- C:\Users\betti\defogger_reenable
[2012.07.15 12:59:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012.07.11 03:31:05 | 005,107,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 23:02:42 | 000,138,100 | ---- | M] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.16 19:18:33 | 000,624,883 | ---- | C] () -- C:\Users\betti\Desktop\adwcleaner.exe
[2012.07.16 19:12:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 07:55:06 | 000,000,000 | ---- | C] () -- C:\Users\betti\defogger_reenable
[2012.07.03 23:02:41 | 000,138,100 | ---- | C] () -- C:\Users\betti\Documents\__shop.derticketservice.de_frankenheim-kino_details.html_eventid=386984.pdf
[2012.01.21 22:44:15 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Local\{B15CD112-9CEC-4C3F-9579-841D251F031C}
[2011.12.29 20:52:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.29 20:52:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.12.13 08:51:27 | 000,000,132 | ---- | C] () -- C:\Windows\medigraf.INI
[2011.03.19 19:45:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.03.06 18:51:56 | 000,000,929 | ---- | C] () -- C:\Users\betti\.recently-used.xbel
[2010.12.06 20:34:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.06 20:34:23 | 000,011,129 | ---- | C] () -- C:\Users\betti\AppData\Roaming\SmarThruOptions.xml
[2010.12.06 20:34:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.12.06 20:34:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.12.06 20:33:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.12.06 20:33:43 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.11.01 14:34:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.08.22 16:09:07 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\chrtmp
[2010.07.06 19:31:48 | 000,007,680 | ---- | C] () -- C:\Users\betti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 21:18:44 | 000,566,427 | ---- | C] () -- C:\Users\betti\.pdf.pdf
[2010.02.14 00:52:34 | 000,000,000 | ---- | C] () -- C:\Users\betti\AppData\Roaming\wklnhst.dat

< End of report >
--- --- ---

Gruss bettina

Chris4You 18.07.2012 07:28
Hi,

ganz aufgeräumt ist noch nicht, dann laufen da noch ein Programm bzw. Modul die ich nicht kenne:
Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe
C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Prüfe mal in Ruhe alles und melde Dich dann wieder...

chris

bettrett 18.07.2012 07:34
hi,

den ersten habe ich noch geschafft, der Rest später



SHA256:

bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e





















File name:

udt.exe















Detection ratio:

3 / 44



Analysis date:

2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago )







0



0


More details





Antivirus

Result

Update




AhnLab-V3

-

20110922



AntiVir

-

20110922



Antiy-AVL

-

20110922



Avast

-

20110922



Avast5

-

20110922



AVG

-

20110922



BitDefender

-

20110923



ByteHero

-

20110913



CAT-QuickHeal

-

20110922



ClamAV

-

20110923



Commtouch

-

20110922



Comodo

Heur.Suspicious

20110923



DrWeb

-

20110922



Emsisoft

-

20110923



eSafe

-

20110920



eTrust-Vet

-

20110922



F-Prot

-

20110922



F-Secure

-

20110923



Fortinet

-

20110923



GData

-

20110923



Ikarus

-

20110923



Jiangmin

-

20110922



K7AntiVirus

-

20110922



Kaspersky

-

20110922



McAfee

-

20110923



McAfee-GW-Edition

-

20110922



Microsoft

-

20110922



NOD32

-

20110923



Norman

-

20110922



nProtect

-

20110922



Panda

-

20110922



PCTools

-

20110923



Prevx

-

20110923



Rising

-

20110922



Sophos

-

20110923



SUPERAntiSpyware

-

20110923



Symantec

-

20110923



TheHacker

-

20110922



TrendMicro

PAK_Generic.001

20110922



TrendMicro-HouseCall

PAK_Generic.001

20110923



VBA32

-

20110922



VIPRE

-

20110922



ViRobot

-

20110922



VirusBuster

-

20110922

Comments
Votes
Additional information



No comments



















































You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community

SHA256:

bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e



SHA1:

370e0ebb80b2b2e93227077d6491e165d487c5ab



MD5:

92190d79bc842037105b3b2aa8df41e0



File size:

129.0 KB ( 132096 bytes )



File name:

udt.exe



File type:

Win32 EXE



Tags:

upx



Detection ratio:

3 / 44



Analysis date:

2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago

Chris4You 18.07.2012 08:39
Hi,

Dateien die ausführbar sind und in einem temporären Verzeichnis liegen, sind immer sehr ... äh... verdächtig. Ich würde sie Plattmachen...

Schauen wir mal was die zweite Datei bringt...

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
PRC - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\udt.exe ()
MOD - C:\Users\betti\AppData\Local\Temp\UDT-ABBAMGCHGAOGDHBBFHFH2\Tools.dll ()

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

bettrett 18.07.2012 16:05
hallo, die weiterleitung ist immer noch da.... oben auf dem Reiter des explorers erscheint kurz " google analytics! " und dann steht da document has moved...

hier der erste log von virustotal



SHA256:

bf06f847756d9bc6cd270dc437757aae6a95099fd2a663d1ccfbe505fa34d46e



SHA1:

370e0ebb80b2b2e93227077d6491e165d487c5ab



MD5:

92190d79bc842037105b3b2aa8df41e0



File size:

129.0 KB ( 132096 bytes )



File name:

udt.exe



File type:

Win32 EXE



Tags:

upx



Detection ratio:

3 / 44



Analysis date:

2011-09-23 00:44:17 UTC ( 9 Monate, 4 Wochen ago )







0



0


More details





Antivirus

Result

Update




AhnLab-V3

-

20110922



AntiVir

-

20110922



Antiy-AVL

-

20110922



Avast

-

20110922



Avast5

-

20110922



AVG

-

20110922



BitDefender

-

20110923



ByteHero

-

20110913



CAT-QuickHeal

-

20110922



ClamAV

-

20110923



Commtouch

-

20110922



Comodo

Heur.Suspicious

20110923



DrWeb

-

20110922



Emsisoft

-

20110923



eSafe

-

20110920



eTrust-Vet

-

20110922



F-Prot

-

20110922



F-Secure

-

20110923



Fortinet

-

20110923



GData

-

20110923



Ikarus

-

20110923



Jiangmin

-

20110922



K7AntiVirus

-

20110922



Kaspersky

-

20110922



McAfee

-

20110923



McAfee-GW-Edition

-

20110922



Microsoft

-

20110922



NOD32

-

20110923



Norman

-

20110922



nProtect

-

20110922



Panda

-

20110922



PCTools

-

20110923



Prevx

-

20110923



Rising

-

20110922



Sophos

-

20110923



SUPERAntiSpyware

-

20110923



Symantec

-

20110923



TheHacker

-

20110922



TrendMicro

PAK_Generic.001

20110922



TrendMicro-HouseCall

PAK_Generic.001

20110923



VBA32

-

20110922



VIPRE

-

20110922



ViRobot

-

20110922



VirusBuster

-

20110922

und Nr. 2



SHA256:

59a5f56d17385221c843089748ae43255885f6fd0bef079025ad1c8acb0bfef0



SHA1:

73da47149639f136d6918e885cb685fe52e8595c



MD5:

4629be29c872be99dff638b1dbae2dba



File size:

18.0 KB ( 18432 bytes )



File name:

4629BE29C872BE99DFF638B1DBAE2DBA



File type:

Win32 DLL



Tags:

armadillo



Detection ratio:

2 / 40



Analysis date:

2012-05-16 07:08:05 UTC ( 2 Monate ago )







0



0


More details





Antivirus

Result

Update




AhnLab-V3

-

20120515



AntiVir

-

20120516



Antiy-AVL

-

20120516



Avast

-

20120516



AVG

-

20120516



BitDefender

-

20120516



ByteHero

-

20120515



CAT-QuickHeal

-

20120515



ClamAV

-

20120516



Commtouch

-

20120516



Comodo

-

20120516



DrWeb

-

20120516



Emsisoft

-

20120516



eSafe

-

20120515



eTrust-Vet

-

20120515



F-Prot

-

20120516



F-Secure

-

20120516



Fortinet

-

20120516



GData

-

20120516



Ikarus

-

20120516



Jiangmin

-

20120516



K7AntiVirus

-

20120515



Kaspersky

-

20120516



McAfee

-

20120516



McAfee-GW-Edition

-

20120516



Microsoft

-

20120516



NOD32

-

20120516



Norman

-

20120516



nProtect

-

20120516



PCTools

-

20120516



Rising

-

20120516



SUPERAntiSpyware

-

20120516



Symantec

-

20120516



TheHacker

-

20120516



TrendMicro

PAK_Generic.001

20120516



TrendMicro-HouseCall

PAK_Generic.001

20120516



VBA32

-

20120515



VIPRE

-

20120516



ViRobot

-

20120516



VirusBuster

-

20120515


Gruss Bettina

All processes killed
========== OTL ==========
No active process named udt.exe was found!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: betti
->Temp folder emptied: 1420832 bytes
->Temporary Internet Files folder emptied: 19732533 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 671 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119049715 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 844416 bytes

Total Files Cleaned = 135,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_170840

Files\Folders moved on Reboot...
C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\119605-staendig-weiterleitung-unerwuenschte-werbeseiten-2[1].htm moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\st[1] moved successfully.
C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1GWF9CM\bv[1].htm moved successfully.
File\Folder C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3W2OKC\analysis[2].htm not found!
File\Folder C:\Windows\temp\mcmsc_RHbk7hcgLudPvui not found!
File\Folder C:\Windows\temp\mcmsc_yRopT3FG0UKI8v9 not found!
File\Folder C:\Windows\temp\sqlite_DLIhQ06jbwWpIle not found!
File\Folder C:\Windows\temp\sqlite_fJ39IMpK3KMyzAy not found!
File\Folder C:\Windows\temp\sqlite_OwghS48YNR6uecI not found!
File\Folder C:\Windows\temp\sqlite_rKrDf03AKywhbee not found!

PendingFileRenameOperations files...
File C:\Users\betti\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\119605-staendig-weiterleitung-unerwuenschte-werbeseiten-2[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHT4NHE6\st[1] not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1GWF9CM\bv[1].htm not found!
File C:\Users\betti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3W2OKC\analysis[2].htm not found!
File C:\Windows\temp\mcmsc_RHbk7hcgLudPvui not found!
File C:\Windows\temp\mcmsc_yRopT3FG0UKI8v9 not found!
File C:\Windows\temp\sqlite_DLIhQ06jbwWpIle not found!
File C:\Windows\temp\sqlite_fJ39IMpK3KMyzAy not found!
File C:\Windows\temp\sqlite_OwghS48YNR6uecI not found!
File C:\Windows\temp\sqlite_rKrDf03AKywhbee not found!

Registry entries deleted on Reboot...


aber die Weiterleitung ist immer noch drin. es erscheint "document has moved", oben im Reiter steht kurz google analytics.

LG Bettina

Chris4You 20.07.2012 07:16
Hi,

jetzt musst Du mir mal genau erklären was Du machst.
Google-Analytics ist ein Google-Dienst...
Du startest Firefox und eine Suchanfrage, dann klickst Du auf einen Fund und dann kommt innerhalb der Page der Hinweis auf die Redirection. Passiert das bei allen Funden oder nur bei bestimmten? Bitte die URL wo das passiert als private PM an mich. Es gibt tatsächlich Sachverhalte, wo der Seiteninhaber seine Pages reorganisiert hat und eine weiterleitung stattfindet, da er die Inhalte verschoben hat...

Poste bitte noch ein neues OTL-Log...

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131